solana-address-codec @1.0.5
Vulnerability report · Last retrieved from osv.dev July 10, 2026 at 1:30 AM UTC
OSV ID
MAL-2026-6924
Ecosystem
npm
Summary
The package name resembles utilities in the Solana ecosystem (e.g., @solana/addresses and address codec helpers), which is a common target for typosquat and confusion attacks against crypto tooling. No file-level behavioral evidence was produced for this version, so malicious intent cannot be confirmed or ruled out from the available signals. Given the crypto-adjacent naming and the absence of behavioral evidence, human review is appropriate before allowing installers to consume this package.
Source: amazon-inspector (8e1008cff7bb82464ce9ade3ae5c353e929b7367800b404a038baa8a026c69ae)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.