Description
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/501
Related Vulnerabilities
CVE-2022-26112 Vulnerability in maven package org.apache.pinot:pinot-spi
CVE-2017-16129 Vulnerability in npm package superagent
CVE-2020-2219 Vulnerability in maven package org.jenkins-ci.plugins:link-column
CVE-2022-25890 Vulnerability in npm package wifey
CVE-2021-3815 Vulnerability in npm package @fabiocaccamo/utils.js