The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times.

Malicious dbgpkg package on PyPI poses as a debugging utility but acts as a delivery mechanism for a stealthy backdoor ...