Which versions of @solana-labs/ancor are malicious?

The following npm versions of @solana-labs/ancor are flagged malicious: 1.0.0, 1.0.1, 1.0.7, 1.0.8, 1.0.9, 1.0.11. Treat any of these as compromised.

How do I remediate @solana-labs/ancor if I installed it?

@solana-labs/ancor is a typosquat — you almost certainly intended a legitimately-named package. Remove @solana-labs/ancor, install the correct package, and rotate any secrets exposed during the install since post-install scripts may have already run.

I already installed @solana-labs/ancor — how do I know if it already compromised me?

If @solana-labs/ancor was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

How do I find @solana-labs/ancor across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for @solana-labs/ancor (6 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging @solana-labs/ancor across your stack and pipelines.

Malicious package

@solana-labs/ancornpm

Malicious code in @solana-labs/ancor (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5786

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall @solana-labs/ancor

What this malware does

Package name @solana-labs/ancor is a one-character typosquat of the legitimate @coral-xyz/anchor / @project-serum/anchor Solana framework, published under the @solana-labs scope to impersonate official Solana Labs tooling. package.json declares "postinstall": "node install.js", which fires automatically on npm install. install.js reads host identifiers via os.hostname() and process.platform, invokes child_process.execSync, issues outbound HTTP/HTTPS traffic (including a POST at line 113 and a curl shell-out at line 173), and references https://api.mainnet-beta.solana.com as cover traffic. The combination of (a) impersonating-scope name targeting a top-tier ecosystem package, (b) a postinstall lifecycle hook executing a script that reads host identity and shells out to network primitives, and (c) execSync of arbitrary commands during install constitutes an install-time host reconnaissance / command-execution payload against any developer or build system that installs this package.

Malicious versions

6 flagged

1.0.01.0.11.0.71.0.81.0.91.0.11

Indicators of compromise (SHA-256)

06e80dfe88b6d601c9312c9fc13275b703e5d05311232a3f1fa01b1c0a1f041b

4341f9b2c0176d9259176539e69a12bec21bd872733a220066f2af7e8c852012

a2dc1225b1e56ff04b029102d142b130bf7d9f65e2458034cd7ef630dcdaf5eb

e5786abeec93a264217ec9d4ca101ba0f491867bacf387dfd15e891fde36b634

0e572d1a61685cd04ccafca460d47a230f0306cca7692e3c1008f2b296592b22

3b513d317445b8431eda1751d82e7f50d2d7ef311a9891a7aa9a2fab706236c5

3c3f14460d22b93718d3fdf4337cc9b5f3a2526e4cb265a906a9c24d87671f98

42c4ffd55383e8703ce8de56e582e1e0eaa2b57d522edb4b4356febd4134e6a5

4d59b87155558b811b79a7d671f6dcd66bee47adff3a7022ab22d73f18d86369

5feff6d83078f902bd5e7eaa2dd81f78c95289d86ccfcde5f30325c7609278a7

8e001b6b18e1b0a1841b10d5e41b1403383d65f61e56f5363efcfc4102162892

c2e55c8cd359b7c45614d01f3d8f02bd9f27a9322c52decf65b1524500a0a396

Detection & response playbook

Typosquat

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for @solana-labs/ancor (6 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging @solana-labs/ancor across your stack and pipelines.
If you installed it — respond
@solana-labs/ancor is a typosquat — you almost certainly intended a legitimately-named package. Remove @solana-labs/ancor, install the correct package, and rotate any secrets exposed during the install since post-install scripts may have already run.
Did it already run?
If @solana-labs/ancor was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks @solana-labs/ancor before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. @solana-labs/ancor on npm has been identified as a malicious package (versions 1.0.0, 1.0.1, 1.0.7, 1.0.8, 1.0.9, 1.0.11 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006600IN-MAL-2026-006599IN-MAL-2026-006597IN-MAL-2026-006592IN-MAL-2026-006598IN-MAL-2026-006590IN-MAL-2026-006589IN-MAL-2026-006593IN-MAL-2026-006591IN-MAL-2026-006594IN-MAL-2026-006595IN-MAL-2026-006596

References

Credits

Amazon Inspector · finder

Detect & block this

O3 blocks @solana-labs/ancor-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

Malware detection Runtime egress monitoring