CVE-2017-16077

EPSS 1.2% · CWE-506 (Embedded Malicious Code)
In short

A fake package named 'mongose' (a typosquat of the legitimate 'mongoose' MongoDB library, with one letter dropped) was published to npm carrying malicious code that collected environment variables from whatever machine installed it, developer workstations and CI runners alike. npm has since removed the package.

Technical detail

A typosquatting attack against the npm registry. The malicious name differs from 'mongoose' by a single missing letter, so a developer who mistypes the name on the command line or in package.json pulls in the attacker's module instead of the intended one. On installation the module executed code that read the environment variables of the installing process and sent them off-host; those variables commonly hold API keys, cloud and database credentials, npm publish tokens and other secrets, and CI runners usually carry more privileged tokens than a workstation. No vulnerability in the installing system is needed: the only precondition is that the package gets installed, which is why this class of attack succeeds wherever dependencies are added without checking the exact name, the publisher, and whether the package runs scripts at install time.
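The two signals a dependency audit should look for here are a name that sits within a couple of edits of a popular package and a lifecycle script that runs code during installation. The following script is an added example written for this page, not code from the advisory or from the malicious package; the popular-package list, the constructed manifests, and the `package-setup.js` command in the sample are assumptions for the demo.

```javascript
// Added example (not the advisory's code): audit package.json manifests for
// the two signals behind CVE-2017-16077: a name that typosquats a popular
// package, and an npm lifecycle hook that runs arbitrary code at install time.

// Hooks npm runs while installing a package. "prepare" also runs for git
// dependencies, so it is included.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Known-good names to compare against. A real audit would use the top-N
// packages by downloads; this short list is an assumption for the demo.
const POPULAR = ['mongoose', 'express', 'lodash', 'cross-env', 'babel-cli'];

// Optimal-string-alignment (restricted Damerau-Levenshtein) distance:
// insertions, deletions, substitutions and adjacent transpositions cost 1,
// so "mongose" vs "mongoose" is 1 and "lodsah" vs "lodash" is 1.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns the popular package a name is suspiciously close to, or null.
// An exact match is the real package, not a squat. Very short names are
// skipped because one or two edits there collide with legitimate names.
function typosquatTarget(name) {
  if (POPULAR.includes(name)) return null;
  for (const p of POPULAR) {
    if (editDistance(name, p) <= 2 && Math.min(name.length, p.length) >= 5) return p;
  }
  return null;
}

// Examine one parsed package.json. Install-time hooks are reported with the
// command they run, since that is where exfiltration code is wired in.
function auditManifest(pkg) {
  const findings = [];
  const target = typosquatTarget(pkg.name);
  if (target) findings.push(`name "${pkg.name}" is within 2 edits of "${target}"`);
  for (const hook of INSTALL_HOOKS) {
    const cmd = pkg.scripts && pkg.scripts[hook];
    if (cmd) findings.push(`runs code at install time via "${hook}": ${cmd}`);
  }
  return findings;
}

// Returns { packageName: [findings...] } for every manifest with findings.
function auditAll(manifests) {
  const report = {};
  for (const m of manifests) {
    const f = auditManifest(m);
    if (f.length) report[m.name] = f;
  }
  return report;
}

// Constructed sample manifests modelled on the incident. The postinstall
// command is illustrative and is not the actual malicious package's code.
const SAMPLE_MANIFESTS = [
  { name: 'mongose', version: '1.0.0', scripts: { postinstall: 'node package-setup.js' } },
  { name: 'mongoose', version: '4.13.0', scripts: { test: 'mocha' } },
  { name: 'left-pad', version: '1.3.0' },
];

console.log(JSON.stringify(auditAll(SAMPLE_MANIFESTS), null, 2));
```

Run it against the manifests under node_modules after an install done with `npm install --ignore-scripts` (or with `ignore-scripts=true` in .npmrc), so that nothing executes before the audit has a chance to flag it; a package that genuinely needs an install hook can then be allow-listed and rebuilt explicitly. The distance threshold is deliberately loose: a distance-2 hit on a six-letter name is a prompt to check the publisher and download counts, not proof of malice.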

Summary generated and translated by AI from the official description.
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
