package.json declares "postinstall": "node install.js", causing install.js to run automatically on npm install. install.js requires https, fs, os, and child_process, collects host identifiers via os.hostname() and os.userInfo(), executes shell commands via execSync(...), probes filesystem paths with fs.existsSync(...), and POSTs the collected data to a remote endpoint via https.request(...). This is the canonical install-time system-information exfiltration pattern: identifying data is gathered from the installer's machine and beaconed outbound on every install, with no documented purpose tied to the package's stated function. Installing this package automatically leaks host and user information to an external destination.