@marco_ciaramella/cpu-web-miner
A CPU miner for the yespower, yespowerR16, yescrypt, yescryptR8, yescryptR16, yescryptR32, minotaurx and ghostrider PoW algorithms.
If you want to build an online miner or monetize your website, you can simply add this module to your project.

    npm i @marco_ciaramella/cpu-web-miner

In your frontend, add:

    import * as cpuWebMiner from "@marco_ciaramella/cpu-web-miner";

    const stratum = {
        server: "europe.raptoreum.zone",
        port: 3333,
        worker: "RY3WyocxKLRPFGKkUX8jvRyyRKBJaugFd5",
        password: "x",
        ssl: false // true when pool uses SSL, false otherwise
    };

    cpuWebMiner.start(cpuWebMiner.ghostrider, stratum, true, cpuWebMiner.ALL_THREADS);

Use a bundler such as webpack to include the above code in your HTML pages. If you want to use this library directly in your HTML pages without a bundler, the following is a complete example:

    <!DOCTYPE html>
    <html>
    <body>
        <h2>Thanks for using cpu-web-miner</h2>
        <script type="module">
            import * as cpuWebMiner from 'https://esm.run/@marco_ciaramella/cpu-web-miner';

            const stratum = {
                server: "europe.raptoreum.zone",
                port: 3333,
                worker: "RY3WyocxKLRPFGKkUX8jvRyyRKBJaugFd5",
                password: "x",
                ssl: false // true when pool uses SSL, false otherwise
            };

            cpuWebMiner.start(cpuWebMiner.ghostrider, stratum, true, cpuWebMiner.ALL_THREADS);
        </script>
    </body>
    </html>

The miner communicates with the stratum server through a WebSocket server owned by me. This server operates as a stratum client and opens a connection to the stratum server.
Maintaining the WebSocket server has a cost, so it keeps 2% of shares as a fee.
Crypto mining can be used as a monetization tool. For example, instead of showing ads or adding paid content, your website can run a miner that mines cryptocurrencies for you.
You should warn the user about the background mining. Crypto mining adds to the user's electricity bill, so it is good practice to warn them, either with an alert or with a message on the website.
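
For anyone auditing a site or a dependency tree, the identifiers shown in this README are enough to locate the module. The following is an added example, not part of the package or its README: it checks a package.json and scans JS or HTML text for the static import, follows the namespace alias to its start() calls, and reports the configured pool host and worker. The function names, finding labels and sample input are assumptions made for illustration.

```javascript
// Added example, not the package's code: find uses of the module in a project.
const PKG = "@marco_ciaramella/cpu-web-miner";
const lineOf = (text, index) => text.slice(0, index).split("\n").length;

// package.json: report each dependency section that names the package.
function scanManifest(manifest) {
  return ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"]
    .filter((s) => manifest[s] && Object.prototype.hasOwnProperty.call(manifest[s], PKG))
    .map((s) => ({ kind: "dependency", section: s, range: manifest[s][PKG] }));
}

// JS or HTML text: match static imports whose specifier (npm name or CDN URL)
// contains the package, follow the namespace alias to its start() calls, and
// report the pool host and worker configured in the same file.
// Dynamic import() and require() are not covered by this pattern.
function scanSource(text) {
  const findings = [];
  const importRe = /\bimport\s+(?:\*\s+as\s+(\w+)|[\w{}\s,$]+?)\s+from\s*["']([^"']+)["']/g;
  for (const imp of text.matchAll(importRe)) {
    if (!imp[2].includes(PKG)) continue;
    findings.push({ kind: "import", line: lineOf(text, imp.index), detail: imp[2] });
    if (!imp[1]) continue; // named or default import: no namespace alias to follow
    const callRe = new RegExp(`\\b${imp[1]}\\.start\\s*\\(`, "g");
    for (const call of text.matchAll(callRe)) {
      findings.push({ kind: "start-call", line: lineOf(text, call.index), detail: call[0] });
    }
  }
  if (findings.length === 0) return findings; // no import, so ignore look-alike keys
  for (const kv of text.matchAll(/\b(server|worker)\s*:\s*["']([^"']+)["']/g)) {
    findings.push({ kind: `stratum-${kv[1]}`, line: lineOf(text, kv.index), detail: kv[2] });
  }
  return findings;
}

// Constructed sample input; host and worker values are placeholders.
const SAMPLE = `<script type="module">
import * as miner from 'https://esm.run/@marco_ciaramella/cpu-web-miner';
const stratum = { server: "pool.example", port: 3333, worker: "WALLET_PLACEHOLDER", password: "x", ssl: false };
miner.start(miner.ghostrider, stratum, true, miner.ALL_THREADS);
</script>`;

console.log(scanSource(SAMPLE));
console.log(scanManifest({ dependencies: { [PKG]: "0.0.0-placeholder" } }));
```
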
FAQs
A CPU miner for website monetization
We found that @marco_ciaramella/cpu-web-miner demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.