cryptoMining

Flags code and dependencies consistent with cryptocurrency mining behavior (miners, pools, mining libraries, suspicious hashing loops).

Implemented in: src/lib/detection/plugins/crypto-mining.ts
Enabled by default: yes

What it means

The package contains indicators that it may attempt to mine cryptocurrency on the host machine.

Why it matters

Cryptomining malware consumes CPU/GPU resources, increases costs, and is frequently deployed without user consent.

What to do

• Verify whether mining functionality is expected for the package’s stated purpose.
• Inspect any native binaries and network destinations.
• Treat unexpected mining indicators as high severity, especially in transitive deps.

Common fields

• filePath, lineStart/lineEnd, codeSnippet
• metadata may include matched pool domains, library names, or rule IDs