CVE-2017-16061

The CVE refers to the npm package named tkinter, described as malware that steals environment variables and exfiltrates them to attacker-controlled locations. All versions have been unpublished from the npm registry. The MITRE-style impact is primarily confidentiality loss, with practical risk th...