Confirmed malicious package as part of coordinated supply chain attack targeting npm ecosystem

Note: This report is updated by a verification record

The package exhibits suspicious behavior based on multiple YARA rule matches. The bash_persist_persistent rule matched in bun_environment.js and setup_bun.js, indicating potential attempts to modify shell startup files for persistence. Additionally, the npm_preinstall_command rule matched in package.json, suggesting the execution of external commands during the preinstall phase. This combination of behaviors raises concerns about the package's safety and suggests it may be malicious.