CVE-2017-16044
CVE-2017-16044 corresponds to the npm package d3.js , reported as a malware module that hijacks environment variables and exfiltrates them to attacker-controlled endpoints. The community advisories (GHSA, npm advisory) state that all versions have been unpublished from the npm registry. The root ...