CVE-2017-16074
The CVE-2017-16074 entry concerns the npm package crossenv, which is described in connected documents as malware that hijacks environment variables and exfiltrates them to attacker-controlled locations. All versions have been unpublished from npm. Public advisories (GitHub GHSA and npm advisory) ...