Note: This report is updated by a verification record
Multiple YARA matches indicate suspicious behavior: bash persistence attempts and execution of an external command during preinstall. Likely malware.
Confirmed malicious package, part of a coordinated supply chain attack targeting the npm ecosystem.
The package exhibits multiple suspicious behaviors based on YARA rule matches. Specifically, the bash_persist_persistent rule is triggered in bun_environment.js and setup_bun.js, indicating attempts to access and modify bash startup files for persistence. Additionally, the npm_preinstall_command rule is triggered in package.json, suggesting the execution of an external command during the preinstall phase, which is a common technique used by malicious packages to execute arbitrary code. The combination of these behaviors raises significant concerns about the package's safety.