Note: This report is updated by a verification record
The package is malicious: it runs a preinstall script and attempts to modify shell startup files for persistence.
The package is marked as malware by OSV: MAL-2025-190940 (source: ghsa-malware).
The package exhibits multiple suspicious behaviors strongly suggesting it is malware. The package.json includes a preinstall script that executes node setup_bun.js, enabling arbitrary code execution during installation. Both bun_environment.js and setup_bun.js access multiple bash startup files, indicating potential persistence mechanisms. The combination of preinstall script execution and attempts to modify shell startup files provides strong evidence of malicious intent.