CVE-2017-16061

Name of the Vulnerable Software and Affected Versions: tkinter (affected versions not specified)

Description: The tkinter package is malicious software designed to steal environment variables and send them to attacker-controlled locations. All versions of this package have been unpublished from the npm registry. If this package is found installed, the primary concern is determining how it was installed.

Recommendations: Delete the package Clear your npm cache Ensure it is not present in any other package.json files on your system Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been present in your environment variables Review any services exposed via credentials in your environment variables for indicators of compromise.