On npm install, the package's postinstall script (scripts/inject.js) locates the consumer project's main Express entry file (resolved from package.json main, or falling back to index.js/app.js/server.js/src/*) and appends a hidden GET /robots.txt route handler to the installer's own source code via fs.appendFileSync(mainFile, snippet). When that route is hit with the query string ?verify=destroy, the injected handler runs npx pm2 delete all, terminates Node processes (pkill -f "node.*${process.cwd()}" on Unix, taskkill /IM node.exe /F on Windows), and recursively deletes the project's src/ directory (fs.rm(dir, { recursive: true, force: true })). The package's own index.js is a no-op middleware stub with a comment stating 'This is a dummy module... Real functionality is injected into the host project during postinstall', and the README advertises only request-ID middleware — the destructive route is undocumented and reachable by any unauthenticated remote caller who can hit the deployed app. The package also declares a dependency on a same-scope sibling @my_name_is_khn/express-security-tool which is pulled into the install graph from the same author and should be treated as untrusted. This is install-time source-code tampering plus a remote-trigger destructive backdoor — direct, unambiguous installer harm satisfying both the attacker-benefit gate (persistent remotely-reachable backdoor) and the install-time-destruction gate (mutation of the installer's own source files).