Confirmed malicious package as part of coordinated supply chain attack targeting npm ecosystem

Note: This report is updated by a verification record

The package exhibits multiple suspicious behaviors that, when combined, suggest malicious intent. The package.json file contains a preinstall script executing node setup_bun.js, which is flagged as suspicious. Both setup_bun.js and bun_environment.js access multiple bash startup files, potentially for persistence. Furthermore, the package includes an embedded executable package/bin/postman that has fake section headers, a common technique used to evade detection. While each of these findings alone might not be conclusive, their combination raises significant concerns about the package's safety.