Multiple suspicious behaviors: preinstall script exfiltrates data to a suspicious URL, terminates process, and few versions. Strong evidence of malware.
No verification record available.
The package exhibits multiple suspicious behaviors, strongly suggesting it is malware. The preinstall script executes scripts/setup.js, which exfiltrates sensitive information (hostname, CWD, Node.js version) to a suspicious URL. The script also terminates the process after the callback, which is unusual and could be used to hide malicious activity. The package has only a few published versions, further increasing suspicion. These factors combined provide strong evidence of malicious intent.
