Supply-chain threat intelligence

Incident detail

critical · npm · credential theft · osv

Malicious code in atlasora-api (npm)

atlasora-api

Risk score

92

AI summary

Indexed incident for atlasora-api (npm).

Description

Package declares a postinstall hook ("postinstall": "node install.js") that runs install.js automatically on npm install. install.js imports https, fs, os, and child_process and collects host identifiers including os.hostname() and os.userInfo(), uses execSync for additional system enumeration, probes filesystem paths via fs.existsSync, and POSTs the collected data over an outbound https.request. This is the canonical install-time host-reconnaissance / exfiltration pattern: the package's only effect on installation is to harvest system identity and ship it off-host. There is no documented library functionality justifying the network beacon at install time.

Technical details

Affected versions

=1.0.0

Indicators

  • affected version = 1.0.0 (75%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents