THREATPKG

Supply-chain threat intelligence

Incident detail

critical · npm · credential theft · osv

Malicious code in tubebrain (npm)

tubebrain

Risk score

92

AI summary

Indexed incident for tubebrain (npm).

Description

lib/bootstrap.js contains a hardcoded outbound channel to https://transscendsurvival.org alongside calls to https://api.github.com and reads of process.env, with an https.get invocation at line 154. The transscendsurvival.org domain is not a documented vendor or publisher endpoint and matches the shape of an attacker-controlled C2/exfiltration host — pairing environment-variable reads with a hardcoded non-publisher destination is the canonical credential/secret-exfiltration pattern. Installing or loading this package routes installer-side environment data and GitHub API interactions through this third-party host.

Technical details

Indicators

  • affected version: < fixed version (value not present in source) · 75%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg
