SafeDep

Summary

Note: This report is updated by a verification record

Multiple YARA matches and LLM analysis indicate a suspicious preinstall script and potential bash persistence attempts, suggesting malicious intent.

Verification Record

Confirmed malicious package, part of a coordinated supply chain attack targeting the npm ecosystem.

Details


The package contains multiple suspicious indicators. The YARA rule bash_persist_persistent matched in setup_bun.js and bun_environment.js, which points to code that modifies bash startup files (such as .bashrc or .bash_profile) so that it is re-executed in every new shell. Furthermore, the npm_preinstall_command rule matched in package.json, and the LLM analysis flagged the preinstall script, which executes node setup_bun.js, as suspicious: a preinstall hook runs arbitrary code on every npm install of the package, before any of the package's code is imported or reviewed. Together these indicators suggest malicious intent.
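The two indicators above (an install-time lifecycle hook plus writes to bash startup files) can be checked locally before a package is installed. The following is an added example written for this page, not SafeDep's scanner or its YARA rules: it builds a small constructed npm-style tarball (the package name example-pkg and all file contents are invented for the demo; only the preinstall command node setup_bun.js is taken from the report), then scans it for lifecycle scripts in package.json and for files that both reference a shell startup file and call a file-write API. The SHA256 helper is there so the tarball you scan can be compared against the hash a report lists.

```python
"""Triage an npm tarball for install-time hooks and shell-startup persistence.

Added example for this page; heuristic only, not SafeDep's detection logic.
"""
import hashlib
import io
import json
import re
import tarfile

# npm lifecycle hooks that run code during `npm install` of a dependency.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Bash/zsh startup files an attacker would append to for persistence.
STARTUP_FILES = re.compile(
    r"\.(bashrc|bash_profile|bash_login|profile|zshrc|zprofile)\b"
)
# Node file-write APIs (or a shell append redirect) on the same file.
WRITE_API = re.compile(
    r"\b(appendFile(Sync)?|writeFile(Sync)?|createWriteStream)\b|>>"
)

# Constructed sample package (hypothetical contents, not the real package).
SAMPLE_FILES = {
    "package/package.json": json.dumps({
        "name": "example-pkg",
        "version": "1.0.0",
        "scripts": {"preinstall": "node setup_bun.js", "test": "jest"},
    }),
    "package/index.js": "module.exports = function hello() { return 'hi'; };\n",
    "package/setup_bun.js": (
        "const fs = require('fs');\n"
        "const os = require('os');\n"
        "const path = require('path');\n"
        "// constructed sample: append to the user's bash startup file\n"
        "const rc = path.join(os.homedir(), '.bashrc');\n"
        "fs.appendFileSync(rc, '\\nexport PATH=\"$HOME/.bun/bin:$PATH\"\\n');\n"
    ),
}


def build_tarball(files: dict) -> bytes:
    """Pack {path: text} into a gzipped tar, as npm does (paths under package/)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    """Hash the tarball so it can be compared with the hash in a report."""
    return hashlib.sha256(data).hexdigest()


def scan_tarball(data: bytes) -> dict:
    """Return lifecycle scripts and per-file startup-file persistence hits."""
    findings = {"lifecycle_scripts": {}, "persistence": []}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            text = tf.extractfile(member).read().decode("utf-8", "replace")
            # The top-level manifest is always package/package.json in npm tarballs.
            if member.name == "package/package.json":
                scripts = json.loads(text).get("scripts", {})
                for hook in LIFECYCLE_HOOKS:
                    if hook in scripts:
                        findings["lifecycle_scripts"][hook] = scripts[hook]
            # Flag a file only if it names a startup file AND writes to files.
            hits = [
                (n, line.strip())
                for n, line in enumerate(text.splitlines(), 1)
                if STARTUP_FILES.search(line)
            ]
            if hits and WRITE_API.search(text):
                findings["persistence"].append({"file": member.name, "lines": hits})
    return findings


def verdict(findings: dict) -> str:
    """Combine the two signals the way a triage analyst would."""
    if findings["lifecycle_scripts"] and findings["persistence"]:
        return "suspicious: install-time execution plus startup-file modification"
    if findings["lifecycle_scripts"] or findings["persistence"]:
        return "review: single indicator"
    return "clean: no indicators"


if __name__ == "__main__":
    tarball = build_tarball(SAMPLE_FILES)
    result = scan_tarball(tarball)
    print("sha256:", sha256_hex(tarball))
    print(json.dumps(result, indent=2))
    print(verdict(result))
```

To run this against a real tarball, fetch it with `npm pack <name>@<version>` (which downloads without running lifecycle scripts) and pass the bytes to scan_tarball; compare sha256_hex of that file with the hash in the report before relying on the verdict. The startup-file pattern is deliberately broad and will flag benign installers that edit PATH in .bashrc, so treat a hit as a reason to read the file, not as proof on its own. Installing with `npm install --ignore-scripts` prevents the preinstall hook from running at all while you triage.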

Package: @postman/postman-mcp-cli@1.0.4
Verdict: Malicious
Status: Verified
Analysed at: 11/24/25, 5:11 AM
Source: https://registry.npmjs.org/@postman/postman-mcp-cli/-/postman-mcp-cli-1.0.4.tgz
SHA256: 8e93c91ba43842007e0673ef7b9d8b9d166ec3558d10afad78ddc904783840e9
Confidence: High