CVE-2017-16049

Name of the Vulnerable Software and Affected Versions: nodesqlite versions all

Description: The issue concerns a malicious module named nodesqlite that was designed to steal environment variables and send them to attacker-controlled locations. All versions of this module have been unpublished from the npm registry. If this package is found installed in an environment, the primary security concern is determining how it was installed.

Recommendations: Delete the nodesqlite package Clear your npm cache Ensure nodesqlite is not present in any other package.json files on your system Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been exposed via environment variables Review any services that may have been exposed via credentials in your environment variables for indicators of compromise