Confirmed malicious package as part of coordinated supply chain attack targeting npm ecosystem

Note: This report is updated by a verification record

The package exhibits multiple suspicious behaviors. The package.json contains a preinstall script executing node setup_bun.js, allowing arbitrary code execution during installation. Both bun_environment.js and setup_bun.js access multiple bash startup files, indicating persistence attempts. Additionally, victoria-wallet-type.cjs.production.min.js contains XOR-obfuscated terms, suggesting obfuscation of potentially malicious code. These multiple strong indicators suggest malicious intent.