The package advertises itself as a PostCSS plugin for CSS hardware-acceleration hints, but its only legitimate behavior is a 3-line walkDecls that adds will-change: transform. When the plugin factory in lib/index.js is invoked (which happens automatically when a developer wires the plugin into their PostCSS pipeline), it reads assets/driver-shim.bin (a 55,928-byte comma-separated integer list), XOR-decodes every byte with 0xA5 to recover ~56 KB of JavaScript source, and executes that source via vm.Script(...).runInContext(...) with require, process, console, and Buffer exposed in the context — granting the decoded code full Node privileges including filesystem and network access. Decoding confirms the bytes are JavaScript source (recurring function and require tokens, quoted module names). Before decoding, lib/index.js:18-21 checks process.env.CI || process.env.CONTINUOUS_INTEGRATION and !process.stdout.isTTY and returns early in those cases — a deliberate sandbox-evasion gate that keeps the payload dormant on CI runners and automated scanners while firing on interactive developer workstations. The combination of (a) a cover-story package whose advertised purpose is unrelated to its actual code, (b) an XOR-obfuscated executable blob shipped as a.bin asset, (c) vm.Script execution of that blob with full Node capabilities, and (d) a CI/headless evasion gate is the canonical supply-chain attack fingerprint.