←back to thread

Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised

(socket.dev)
1208 points jamesberthoty | 1 comments | 16 Sep 25 11:22 UTC | HN request time: 0s | source
Show context
paulirish ◴[16 Sep 25 14:54 UTC] No.45263141[source]
This vulnerability was reported to NPM in 2016: https://blog.npmjs.org/post/141702881055/package-install-scr... https://www.kb.cert.org/vuls/id/319816 but the NPM response was WAI.
replies(3): >>45263800 #>>45264329 #>>45274286 #
rectang ◴[16 Sep 25 15:43 UTC] No.45263800[source]
Acronym expansion for those-not-in-the-know (such as me before a web search): WAI might mean "working as intented", or possibly "why?"
replies(1): >>45266628 #
201984 ◴[16 Sep 25 19:17 UTC] No.45266628[source]
Thank you. It's frustrating when people uncommon acronyms without explaining them.
replies(1): >>45267301 #
maxverse ◴[16 Sep 25 20:07 UTC] No.45267301{3}[source]
AI is helpful for this, but I also built https://www.hackterms.com eight years ago for this exact reason.
replies(1): >>45273575 #
1. Vinnl ◴[17 Sep 25 09:19 UTC] No.45273575{4}[source]
And of course good old Urban Dictionary: https://www.urbandictionary.com/define.php?term=WAI