This is a de-obfuscated (via https://obf-io.deobfuscate.io/) and manually refactored/commented version of the malicious payload introduced in the color npm package and tons of others on September 8, 2025.

It has been split into multiple files and loosely ported to TypeScript for additional semantic information.

Don't run this unless you want to funnel money to the attacker, obviously.

Complete write-up: https://fasterthanli.me/articles/color-npm-package-compromised