Supply-chain threat intelligence
Risk score: 92
Indexed incident for axl-ui (npm).
axl-ui@9.9.99 is a dependency-confusion squat targeting an internal package name. package.json declares a postinstall hook (node beacon.js) that fires automatically on npm install. beacon.js reads os.hostname() and transmits it to a hardcoded Burp Collaborator out-of-band host (tspeuj1fodn3cj8v30uck2fs4jaby1mq.oastify.com) via two channels: a DNS lookup of <nonce>.host.<collaborator> and an HTTPS POST with JSON body {pkg, nonce, host}. The version number 9.9.99 and the self-described "internal placeholder" description are the canonical dependency-confusion shape: any private build that resolves axl-ui from public npm will execute the beacon and leak the host identity to the attacker. Even if framed as a research proof-of-concept, the harm to installers is real — installer-side data leaves the build machine to an attacker-controlled endpoint without consent.
The OpenSSF Package Analysis project identified 'axl-ui' @ 9.9.99 (npm) as malicious.
It is considered malicious because:
Affected versions
Indicators
Timeline