Note: This report is updated by a verification record
Multiple YARA matches for bash persistence and a suspicious preinstall script that executes arbitrary code indicate malicious behavior.
Confirmed malicious package, part of a coordinated supply chain attack targeting the npm ecosystem.
The package exhibits multiple suspicious behaviors. Both bun_environment.js and setup_bun.js access multiple bash startup files, indicated by the 'bash_persist_persistent' YARA rule. Additionally, the package.json contains a preinstall script that executes node setup_bun.js, allowing arbitrary code execution during installation. This combination of behaviors, including accessing bash startup files and executing code during installation, strongly suggests malicious intent.