CVE-2017-16064

The CVE refers to the npm malware node-openssl, a malicious module published to hijack environment variables. Multiple sources confirm that the package stole environment variables and exfiltrated them to attacker-controlled locations, and that all versions have been unpublished from the npm regis...