Supply-chain threat intelligence
Risk score
92
Indexed incident for event-metrics-q3x7 (npm).
On install, package.json declares a postinstall hook (node run.js) that launches the beacon scripts (beacon20.js, beacon_linux.js) shipped in the tarball. The beacons load child_process, os, https, and http; gather host fingerprints (os.hostname(), os.platform(), process.platform, process.env) and command output via exec(...); and transmit the data outbound: beacon_linux.js issues an http.request(...) POST containing host details, while beacon20.js performs https.request(...) calls, including requests against the Azure management API endpoint. No advertised purpose justifies a host-info beacon firing automatically at install time, and the data collected (environment variables, hostname, platform, command output) is classic installer-side reconnaissance and credential-surface telemetry. Installing this package executes the beacon during npm install and leaks installer-machine information to the embedded destinations.
Affected versions
Indicators
Timeline