{"id":"MAL-2025-191518","summary":"Malicious code in mongodb-compass (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (6fc0d8ae5a118b95da082deba58530df3356140503ebc3590069cc6ef8c6bc4d)\nThe package mongodb-compass was found to contain malicious code.\n","modified":"2025-12-01T17:18:25.358950Z","published":"2025-12-01T16:16:28Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2025-12-01T16:16:28Z","ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"sha256":"6fc0d8ae5a118b95da082deba58530df3356140503ebc3590069cc6ef8c6bc4d","import_time":"2025-12-01T16:44:40.645569401Z","source":"amazon-inspector"}]},"affected":[{"package":{"name":"mongodb-compass","ecosystem":"npm","purl":"pkg:npm/mongodb-compass"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mongodb-compass/MAL-2025-191518.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}