Supply-chain threat intelligence
Risk score
92
Indexed incident for sensivity (npm).
On require()/import (package main is launcher.js with no install hook), the package performs the following without consent:
(1) Persistence — runs PowerShell to write an HKCU\Software\Microsoft\Windows\CurrentVersion\Run entry named 'OneDriveUpdate' that points at a bundled OneDrive.Standalone.Updater.vbs which silently launches node launcher.js on every login (WScript.Shell.Run with windowStyle=0). The name impersonates the Microsoft OneDrive updater.
(2) Self-relaunching hidden daemon — kills any process listening on port 3000, then spawns a detached supervisor copy of itself (detached: true, stdio: 'ignore', windowsHide: true) which respawns a worker forever; the original process exits, leaving a hidden background daemon.
(3) Process masquerade — both supervisor and worker set process.title = 'Runtime Broker' to impersonate the legitimate Windows RuntimeBroker.exe in Task Manager.
(4) Browser surveillance — every 3 seconds, generates a PowerShell script that uses System.Windows.Automation to enumerate Edit controls in Chrome/Edge/Opera/Opera GX/Brave windows and reads their address-bar Value/Name (currently scanning for YouTube video id wJWta2lO0Lw, but the same code path reads any URL the user is visiting).
(5) Obfuscated payload — launcher.js eval()s a 162KB obfuscator.io-style server.obf.js that uses RC4-decoded string arrays and dispatcher functions to hide its behavior from inspection.
(6) HWID fingerprint exfiltration — the obfuscated payload computes SHA-256 over HKLM MachineGuid | hostname | volume serial and POSTs {key, hwid, nonce, app, version} to a hardcoded license endpoint embedded in the obfuscated strings.
(7) Undisclosed native payload — bundles sens.node, a 6.6MB Windows PE containing strings 'Freecam', 'Teleport', 'spawnVehicle', 'Waypoint', '__licenseAccepted' — i.e., a GTA V / FiveM game cheat module — while package.json describes the package only as 'Sensivity Control Panel'.
Any developer who installs sensivity from npm gets persistent hidden autorun, a masqueraded background daemon, browser-URL surveillance, hardware-fingerprint exfiltration, and a game-cheat binary on their Windows machine.
Affected versions
Indicators
Timeline