Note: This report is updated by a verification record
Multiple suspicious behaviors: bash persistence, preinstall command, embedded executable, and extension mismatch indicate malware.
Confirmed malicious package, part of a coordinated supply chain attack targeting the npm ecosystem.
The package exhibits multiple suspicious behaviors. The YARA rule bash_persist_persistent matched in setup_bun.js and bun_environment.js, indicating potential attempts to modify bash startup files for persistence. The npm_preinstall_command match in package.json suggests that external commands are executed during installation, which can be a vector for malicious code injection. Furthermore, the presence of an embedded executable, package/bin/postman, and an extension mismatch raise concerns about the package's integrity and potential for malicious intent. The combination of these factors strongly suggests that the package is malware.