A fast-moving package compromise shows how registry identity, lifecycle scripts, and native build files can turn dependency install into an execution path.