package.json declares postinstall: node recon.js, which fires automatically on npm install. recon.js enumerates installer-side secrets — AWS_SECRET_ACCESS_KEY, NPM_TOKEN, GITLAB_ACCESS_TOKEN, SSH_PRIVATE_KEY, DB_PASSWORD, MNEMONIC and similar credential-shaped environment variables — reads .env files at multiple paths, and lists CI runner directories such as /builds/ and /home/gitlab-runner/. It also collects host/identity reconnaissance (hostname, platform, user, cwd, CI_PROJECT_PATH, CI_JOB_ID, CI_REGISTRY_USER/PASSWORD). The collected data is JSON-serialized and POSTed via https.request with rejectUnauthorized:false to webhook.site/d6d18927-e513-4df7-b019-58bfc64fe0dd and enqoojbegdvxj.x.pipedream.net. The package is named cryptodao-deploy and published at version 99.99.99 with an in-source comment 'CryptoDAO Dependency Confusion Reconnaissance Payload', indicating intent to override an internal private package via dependency-confusion resolution and run the exfil payload inside the victim's CI.

The OpenSSF Package Analysis project identified 'cryptodao-deploy' @ 99.99.99 (npm) as malicious.

It is considered malicious because:

• The package communicates with a domain associated with malicious activity.