Description
`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/497
Related Vulnerabilities
CVE-2018-19048 Vulnerability in maven package org.webjars:simditor
CVE-2020-10968 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2019-19771 Vulnerability in npm package singale
CVE-2015-9236 Vulnerability in npm package hapi
CVE-2020-7743 Vulnerability in maven package org.webjars:mathjs