Package declares a postinstall hook ("postinstall": "node run.js") that fires automatically on npm install. The tarball ships beacon scripts (beacon18.js, beacon_linux.js) that import child_process, os, and http, read host identifiers via os.hostname() / os.platform(), and issue outbound HTTP GET/POST requests carrying that data. The combination — automatic install-time execution, host enumeration, child_process reachability, and unsolicited outbound HTTP from an unknown low-reputation package named with a random suffix — matches a host-beacon / exfiltration shape with no legitimate library purpose. Installing this package on a developer or CI machine causes immediate disclosure of host metadata to an external endpoint and provides the publisher a foothold for follow-on commands.