@solana-labs/spl-toke

MAL-2026-5787

npmtyposquat6/15/2026
Description

Malicious code in @solana-labs/spl-toke (npm)

Indicators of Compromise
SHA256 Hashes (16)
0a75812030937ae0ecf6c5d267667b2454058a324711bf3280ed3e97eb5f8b5a
f92bf1c5408d5c80d1bb78242f7315df61273713e07dfad4892f01d0c451e916
0b23badd2ad9e0607dabb4d58bc78762691e31c58c9b548db11e0543e21d40fc
5e83e440dfb72440a6534ecc320ef618b829630c5cb0fbed432f1237fd45f9ec
75b8b946808d1c68fd9c479993b8ed19b103030b3d37a6feeba099f6d4c02b62
d10819a7af9f7f0fd57651626b41a13492ba3841206caa870fdcfbbb0516836b
96715c34660630d56f91507a3de9fe64c47de50c19afe8de61107ecc78a0ac38
a91d0a65c4acdc298a7775a0f4a2e3a65dd07ede8c4731fabefce12525ae38e6
ae699ea42c65454a0a9fd55bfd47f9eb9647b9a2dcc604ddd4296cf5a72a32ce
f4473251be335760795fc2692450b59c06efa8a7227daf3c2d384cd26f1808d5
References (8)
https://www.npmjs.com/package/@solana-labs/spl-toke/v/1.0.10OSVhttps://www.npmjs.com/package/@solana-labs/spl-toke/v/1.98.112OSVhttps://www.npmjs.com/package/@solana-labs/spl-toke/v/1.0.5OSVhttps://www.npmjs.com/package/@solana-labs/spl-toke/v/1.0.6OSVhttps://www.npmjs.com/package/@solana-labs/spl-toke/v/1.0.7OSVhttps://www.npmjs.com/package/@solana-labs/spl-toke/v/1.0.0OSVhttps://www.npmjs.com/package/@solana-labs/spl-toke/v/1.98.111OSVhttps://www.npmjs.com/package/@solana-labs/spl-toke/v/1.0.8OSV
Details
Ecosystemnpm
Attack Typetyposquat
Published6/15/2026
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001