APIs in NodeJS should have a single source of truth for api specs between code and docs, as well as compile time type safety.
Install-time code executes data theft and a remote-access persistence attempt. It exfiltrates selected project and home-directory files to hard-coded IP endpoints and attempts to install a fetched SSH key.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgPackage declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkgSource writes persistence or remote-access backdoor material.
index.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
index.jsView on unpkg · L1Source collects local host identity data and sends it to an external endpoint.
index.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
index.jsView on unpkg · L1Package declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkg · L6Package defines install-time lifecycle scripts.
package.jsonView on unpkg · L7Source writes persistence or remote-access backdoor material.
index.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
index.jsView on unpkg · L1Source collects local host identity data and sends it to an external endpoint.
index.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
index.jsView on unpkg · L1