On npm install, package.json's preinstall hook runs node index.js, which collects host identity (os.hostname(), os.userInfo().username, cwd) and scrapes process.env for any key matching the regex key|seed|secret|token|private|mnemonic|password|blockfrost|redis|telegram|batcher, then POSTs the resulting JSON to https://2.25.140.71:8443/surflending/npm-confusion (index.js lines 13-17). The destination is a bare IP rather than any publisher- or vendor-owned host, and the request path (/surflending/npm-confusion) self-describes the intent as a dependency-confusion exfiltration channel. The package name flowcardano impersonates Cardano-ecosystem tooling and is published at version 9.9.9, the canonical dependency-confusion bait version chosen to outrank legitimate internal packages in resolver order. Any developer or CI agent that installs this package leaks credential-shaped environment variables (wallet seeds/mnemonics, private keys, Blockfrost / Telegram / Redis tokens, generic API tokens and passwords) along with host identifiers to the attacker.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.