CVE-2017-16062

Name of the Vulnerable Software and Affected Versions: node-tkinter versions all

Description: The node-tkinter package is a piece of malware designed to steal environment variables and send them to attacker-controlled locations. It has been unpublished from the npm registry. If installed, the primary security concern is determining how it was introduced into the environment.

Recommendations: Delete the node-tkinter package Clear your npm cache Ensure it is not present in any other package.json files on your system Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been present in your environment variables Review any services exposed via credentials in your environment variables, such as databases, for indicators of compromise