Note: This report is updated by a verification record
Multiple YARA matches for bash persistence and npm preinstall command execution indicate malicious behavior. Package is classified as malware.
Confirmed malicious package, part of a coordinated supply chain attack targeting the npm ecosystem.
The package exhibits multiple suspicious behaviors. The YARA rule bash_persist_persistent matched in bun_environment.js and setup_bun.js, indicating attempts to access bash startup files, potentially for malicious persistence. Additionally, the npm_preinstall_command match in package.json suggests the execution of an external command during the preinstall phase, which is often used for malicious purposes. The combination of these two factors makes a strong case for classifying this package as malware.