Description
openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Remediation
References
https://nodesecurity.io/advisories/504
Related Vulnerabilities
CVE-2020-7675 Vulnerability in npm package cd-messenger
CVE-2016-10568 Vulnerability in npm package geoip-lite-country
CVE-2021-23372 Vulnerability in npm package mongo-express
CVE-2020-28479 Vulnerability in npm package jointjs
CVE-2019-17195 Vulnerability in maven package com.nimbusds:nimbus-jose-jwt