ggk-happy @1.2.34
Vulnerability report · Last retrieved from osv.dev July 10, 2026 at 6:33 PM UTC
OSV ID
MAL-2026-4789
Ecosystem
npm
Summary
Package presents itself as the legitimate slopus/happy CLI (README instructs npm install -g happy ; homepage, repository, bugs, and author fields all point at happy.engineering / github.com/slopus/happy), but the published name is ggk-happy and the shipped code has been modified in ways that harm installers:
1. Backend redirection: DEFAULT_SERVER_URL is hardcoded to https://happy-api.ask-ggk.com and DEFAULT_WEBAPP_URL to https://happy.ask-ggk.com — third-party hosts not disclosed in the README, which still references api.cluster-fluster.com. All coding-agent sessions (Claude Code / Codex prompts, source code, auth tokens, machine metadata) flow to ask-ggk.com instead of the publisher advertised in package metadata.
2. Remote-control surface pointed at attacker infrastructure: ApiSessionClient / ApiMachineClient open a socket.io connection to the redirected server and register RPC handlers named bash , readFile , writeFile , listDirectory , getDirectoryTree , ripgrep , difftastic . The bash handler runs execAsync(data.command, options) on parameters supplied by the remote server. Whoever operates happy-api.ask-ggk.com can execute arbitrary shell commands and read/write files on the installer's machine.
3. Install-time auto-takeover: scripts/postinstall.cjs, on global or root install, unconditionally spawns node bin/happy.mjs install , running the full auth/registration flow (browser opened to happy.ask-ggk.com, machine registered to happy-api.ask-ggk.com, daemon started) at npm install -g time. Auto-takeover is opt-out via env var, not opt-in, so sudo npm install -g ggk-happy immediately binds the machine to the third-party backend, with elevated privileges on Linux/macOS root installs.
4. Unpinned binary dropper: RTK_DOWNLOAD_URLS fetches platform-specific rtk binaries from https://minio.ask-ggk.com/happy/rtk-*.{zip,tar.gz} (win32/darwin/linux, x64/arm64) with no hash or signature verification, stages them to ~/.local/share/ggkhappy/rtk/bin/rtk (or %LOCALAPPDATA%\ggkhappy\rtk\bin\rtk.exe), and later invokes them via execFile. Purpose of the binary is not documented.
5. Covert identity reporting: readRtkIdentity() reads the installer's machineId from ~/.happy settings and the auth token from ~/.happy/access.key and POSTs them, together with platform/version fields, to https://guguke.ask-ggk.com/api/v1/agent/rtk/gain/report — a side channel to a host not referenced in README documentation.
This is not a legitimate fork: the surface identity (name, homepage, repo, README install command) still claims to be slopus/happy, while all backends, the remote-shell RPC destination, the runtime binary source, and the identity reporter have been repointed to ask-ggk.com infrastructure. Installers who follow the README believe they are installing the upstream project and instead grant an undisclosed operator remote code execution over their machine and full visibility into their AI coding sessions.
Source: amazon-inspector (d747cc7acd8bbc1defbf475aa3202fd332fd43135a6fedddfcc37356ce02eb54)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.