Note: This report is updated by a verification record
Multiple YARA matches indicate suspicious behavior: bash persistence attempts and execution of external commands during preinstall. Likely malware.
Confirmed malicious package, part of a coordinated supply chain attack targeting the npm ecosystem.
The package exhibits multiple suspicious behaviors. The bash_persist_persistent YARA rule matched in bun_environment.js and setup_bun.js indicates potential attempts to modify bash startup files for persistence. Additionally, the npm_preinstall_command YARA rule match in package.json suggests the execution of an external command during the preinstall phase, which can be a sign of malicious intent. The combination of these two behaviors raises significant concerns about the package's safety.