Snyk has indicated that the compass and compass-connect repositories are affected by the issue outlined https://app.snyk.io/vuln/SNYK-JS-EVENTSTREAM-72638 , https://snyk.io/vuln/SNYK-JS-FLATMAPSTREAM-72637 and https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/ .
Can you please check these repositories and resolve the issue?
Thanks