Note: This report is updated by a verification record
The package is likely malicious due to a preinstall script executing arbitrary code and suspicious bash startup file access.
Confirmed as a malicious package that is part of a coordinated supply chain attack targeting the npm ecosystem.
The package exhibits multiple suspicious behaviors. The package.json contains a preinstall script that executes node setup_bun.js, allowing arbitrary code execution during installation (Evidence 1 & 2). Both bun_environment.js and setup_bun.js access multiple bash startup files, indicating potential persistence mechanisms (Evidence 0 & 3). These multiple strong indicators suggest malicious intent.