Ah, the JavaScript ecosystem's most dedicated users - people who literally type "npm install malware" and hit enter. The package has 12 weekly downloads, was last updated 9 years ago, and somehow still claims 12 victims weekly.
The best part? It's ISC licensed, so you're legally permitted to destroy your own system! How thoughtful!
I'm torn between admiring these developers' curiosity and questioning their survival instincts. It's like watching someone lick a frozen pole "just to see what happens" - except with their production servers.