Supply-chain threat intelligence

Incident detail

critical · npm · typosquatting · osv

Malicious code in postcss-minify-selector-parser (npm)

postcss-minify-selector-parser

Risk score

92

AI summary

Indexed incident for postcss-minify-selector-parser (npm).

Description

The package name impersonates the widely used postcss-selector-parser library (which it also declares as a dependency and re-exports verbatim from src/selector-parser.js, providing cover for installers who mistype the real package). On top of that legitimate re-export, the package ships a sealed AES-GCM ciphertext as DEFAULT_FINAL_ENCODED_TEXT in src/config/defaults.js together with a hardcoded passphrase (default-dev-passphrase) and salt. src/pipeline/custom-codec-pipeline.js line 53 decrypts the blob and evaluates the cleartext via new Function("require", runnable)(require), handing the decrypted code full require capability on the installer's machine. This decode-and-eval path is reachable through the package's exported run / decodeAndRunPlain / runDefaultDecodedFunction API, through require('postcss-minify-selector-parser/cjs-runner'), and through the bundled runtime/lib.min.js and scripts/cjs-runner.js. The README documents none of this; it presents the package as a CSS selector parser. The combination of a typosquat name, a hidden encrypted payload, a multi-layer custom codec pipeline (position-unit-codec + encode-decode-codec + AES-GCM) used solely to wrap that payload, and direct new Function(require) execution of the decrypted bytes is the canonical opaque-blob-eval supply-chain attack shape. The author field is empty, no repository URL is declared, and the license is generic ISC.

Technical details

Affected versions

=1.0.11, =1.0.12, =1.0.13, =1.0.14, =1.0.15, =1.0.16, =1.0.17, =1.0.18, =2.0.1

Indicators

  • affected version = 1.0.11 (75%)
  • affected version = 1.0.12 (75%)
  • affected version = 1.0.13 (75%)
  • affected version = 1.0.14 (75%)
  • affected version = 1.0.15 (75%)
  • affected version = 1.0.16 (75%)
  • affected version = 1.0.17 (75%)
  • affected version = 1.0.18 (75%)
  • affected version = 2.0.1 (75%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents