CVE-2017-16078
CVE-2017-16078 concerns the npm package shadow sock—described in connected advisories as a malware that steals environment variables and exfiltrates to attacker-controlled endpoints. The npm advisory and GitHub/OSV entries confirm it has been unpublished from the npm registry; all versions are re...