Supply-chain threat intelligence
Risk score: 92
Indexed incident for string-tools-be6c (npm).
The package ships a postinstall lifecycle hook (node run.js) that runs automatically on npm install. The executed script imports os, https, http, and child_process, reads host identifiers via os.hostname() and os.platform(), and issues outbound HTTP/HTTPS POST requests. This combination (install-time auto-execution, host-identity collection, outbound POSTs, and child_process) is the canonical install-time host-beacon / dropper shape. The package name (string-tools-be6c) follows the generic-name plus random-hex-suffix pattern characteristic of throwaway supply-chain attack publications, with no legitimate utility that matches the observed runtime behavior.
Affected versions
Indicators
Timeline