npm

solana-address-codec @1.0.5

Vulnerability report · Last retrieved from osv.dev July 10, 2026 at 1:30 AM UTC

Malicious

OSV ID

MAL-2026-6924

Ecosystem

npm

Summary

The package name resembles utilities in the Solana ecosystem (e.g., @solana/addresses and address codec helpers), which is a common target for typosquat and confusion attacks against crypto tooling. No file-level behavioral evidence was produced for this version, so malicious intent cannot be confirmed or ruled out from the available signals. Given the crypto-adjacent naming and the absence of behavioral evidence, human review is appropriate before allowing installers to consume this package.

Source: amazon-inspector (8e1008cff7bb82464ce9ade3ae5c353e929b7367800b404a038baa8a026c69ae)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.