Supply-chain threat intelligence
Risk score: 92
Indexed incident for type-check-816d (npm).
The package declares a postinstall hook ("postinstall": "node run.js") that runs run.js automatically on npm install. run.js imports os, https, http, and child_process, reads host identifiers and environment data (process.env.USER, os.hostname(), os.platform(), process.cwd()), base64-encodes the payload (Buffer.from(...).toString('base64')), and exfiltrates it via outbound HTTP/HTTPS requests (multiple POST calls and a GET). The package name appears to be a numeric-suffixed lure with no legitimate documented purpose, and the postinstall behavior is a credential/host-recon exfiltration pattern rather than any build or setup task. Installing this package causes immediate, unattended exfiltration of installer host data to an attacker-controlled endpoint.