MAL-2026-6090

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (52e6ddf4cbc1a035918a5bd136c865ff526f430db21268d75d3c90fa74196fdf) The package declares a postinstall lifecycle hook ("postinstall": "node run.js" in package.json) that automatically executes run.js on install. run.js imports os, fs, http, https, and child_process, collects host identifying information (os.hostname(), os.platform()), reads files from disk (fs.readFileSync, fs.existsSync), and issues multiple POST requests over HTTP/HTTPS (run.js lines 134, 137, 348, 355). The combination of automatic install-time execution, host fingerprinting, filesystem reads, and outbound POSTs is the canonical install-time exfiltration shape. Installing this package on a developer machine or CI runner will run the reconnaissance and exfiltration code without user interaction.