Supply-chain threat intelligence
Risk score
92
Indexed incident for sendgrid-sdk (npm).
sendgrid-sdk is a typosquat of the official @sendgrid/* SendGrid Node.js SDK. The package's index.js is empty (module.exports = {}); its only functional code is postinstall.js, which the package.json scripts.postinstall hook runs unconditionally on npm install. The script collects the hostname, FQDN, Active Directory signals (USERDNSDOMAIN, USERDOMAIN, LOGONSERVER), username, USERPROFILE, OneDrive folder name, VPN-client signals, the configured npm registry, and CI repository slugs (GitHub/GitLab/CircleCI/Bitbucket/Travis/Jenkins/Azure DevOps), and reads /etc/hosts (keeping non-loopback entries, up to 20 lines). The collected data is then sent via HTTP GET to http://46.224.67.169:3000/ping?pkg=sendgrid-sdk&...&hosts=<encoded /etc/hosts entries>. The destination is a bare IPv4 address reached over plaintext HTTP, with no documented relationship to SendGrid. The README's self-description as a 'bug bounty PoC honeypot' does not change the impact: every installer leaks its corporate AD domain, internal hostnames, user identity, and source-repository identity to an attacker-controlled endpoint.
Affected versions
Indicators
Timeline