This code gathers sensitive system and user information (e.g., home directory, hostname, username, DNS servers, and package metadata) without user consent and sends it via an HTTPS POST request to lrg2v0x016cebj405fh4lf62ftll9fx4[.]oastify[.]com. The domain is not associated with any known legitimate service and may be used for data exfiltration or other malicious purposes, posing a significant security risk.
Live on npm for 30 days, 8 hours and 37 minutes before removal. Socket users were protected even while the package was live.