SafeDep

Summary

Note: This report is updated by a verification record

Multiple YARA matches for bash persistence and a preinstall script executing a JS file indicate malicious behavior. Likely malware.

Verification Record

Confirmed malicious package as part of coordinated supply chain attack targeting npm ecosystem

Details


The package exhibits multiple suspicious behaviors. Both bun_environment.js and setup_bun.js trigger the bash_persist_persistent YARA rule, indicating potential attempts to modify shell startup files for persistence. More concerning is the preinstall script in package.json, which runs node setup_bun.js. A preinstall script executes automatically during npm install, before the package itself is installed, so it gives the package arbitrary code execution on the installing machine, a common malware technique. The combination of these factors strongly suggests malicious intent.

@quick-start-soft/quick-markdown-image@1.4.2511142126
Malicious
Verified
Analysed at: 11/24/25, 3:40 AM
Source: https://registry.npmjs.org/@quick-start-soft/quick-markdown-image/-/quick-markdown-image-1.4.2511142126.tgz
SHA256: 340fdfe80dffbb48dedb4ff2a33f8b3627c75654e21e085504684ff7c5058b37
Confidence: High