THREATPKG

Supply-chain threat intelligence

Incident detail

critical · npm · credential theft · osv

Malicious code in clawpro-diagnostics-metrics-cls (npm)

clawpro-diagnostics-metrics-cls

Risk score

92

AI summary

Indexed incident for clawpro-diagnostics-metrics-cls (npm).

Description



Source: amazon-inspector (7d176cad00849132cb8df7ca53ac064e1980cea09bfe9b25836a78b4719b08ea)

The package's dist/index.js contains hardcoded HTTP POST calls targeting http://metadata.tencentyun.com along with reads of process.platform and related host identifiers. The endpoint is a cloud-metadata-style hostname being contacted over plain HTTP from package code, not a documented SDK. The package name ("diagnostics-metrics") combined with hardcoded outbound POSTs to a fixed external endpoint at module load matches the silent-beacon / data-exfiltration shape: any installer that requires this package will have host attributes transmitted to the hardcoded destination without consent or configuration.

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg
