THREATPKG

Supply-chain threat intelligence

Incident detail

critical · npm · credential theft · osv

Malicious code in tubebrain (npm)

tubebrain

Risk score

92

AI summary

Indexed incident for tubebrain (npm).

Description


-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (e4773b7c6b3832dbd9b733f1bbe60d85f6a85a0764ad0c43345962c09add1cca)

lib/bootstrap.js contains a hardcoded outbound channel to https://transscendsurvival.org alongside calls to https://api.github.com and reads of process.env, with an https.get invocation at line 154. The transscendsurvival.org domain is not a documented vendor or publisher endpoint and matches the shape of an attacker-controlled C2/exfiltration host — pairing environment-variable reads with a hardcoded non-publisher destination is the canonical credential/secret-exfiltration pattern. Installing or loading this package routes installer-side environment data and GitHub API interactions through this third-party host.

Technical details

Affected versions


Indicators

  • affected_version · 75%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg
