Package is malware. Collects system info, exfiltrates data via HTTP/DNS, executes commands, and uses preinstall script for auto-execution.
No verification record available.
The package exhibits multiple strong indicators of malicious behavior. The preinstall.js script collects sensitive system information (username, hostname, network interfaces, DNS servers, etc.) and attempts to exfiltrate this data to a remote server (ienfcixqbgvbxkccdoxgvw1mg2rag0oty.oast.fun) using HTTPS POST/GET requests and DNS resolution. The script also executes arbitrary commands using execSync, which poses a significant security risk. The package.json file defines a preinstall script that automatically executes preinstall.js during installation, a common technique used by malicious packages. The combination of data exfiltration, command execution, and preinstall script execution provides strong evidence of malicious intent.