Package compromised via npm token leak from phishing attack

Note: This report is updated by a verification record

The package contains a DLL with a mismatched extension (likely an EXE renamed to DLL) and executes arbitrary code during installation via install.cjs. This combination of suspicious behaviors suggests malicious intent. Embedding an executable and running code on install are common malware techniques.