Note: This report is updated by a verification record
The package is likely malicious due to a suspicious preinstall script and access to bash startup files, indicating potential persistence mechanisms.
Confirmed malicious package, part of a coordinated supply chain attack targeting the npm ecosystem.
The package exhibits multiple suspicious behaviors. Both bun_environment.js and setup_bun.js access multiple bash startup files (Evidence 0 and 3). The package.json contains a preinstall script executing setup_bun.js (Evidence 1 and 2), a common technique for malicious packages to execute arbitrary code. The combination of these factors suggests malicious intent.