
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

A CLI tool written in Haskell for checking your recent AtCoder AC count and the problems you solved, from the command line.
Inspired by ccusage.
It uses the AtCoder Problems API to fetch the AC history.
npx acac-cli <atcoder-username>
┌──────────────────┬────┬───────────────────────────────────────────────────┐
│ Date │ AC │ Problems │
├──────────────────┼────┼───────────────────────────────────────────────────┤
│ 2026-05-26 (Tue) │ 2 │ abc081B abc290A │
│ 2026-05-29 (Fri) │ 1 │ abc342C │
│ 2026-05-30 (Sat) │ 6 │ abc460A abc460B abc460C abc460D awc0001A awc0001B │
├──────────────────┼────┼───────────────────────────────────────────────────┤
│ week total │ 9 │ │
├──────────────────┼────┼───────────────────────────────────────────────────┤
│ 2026-05-31 (Sun) │ 1 │ abc460C │
│ 2026-06-01 (Mon) │ 1 │ abc460D │
│ 2026-06-06 (Sat) │ 3 │ abc461A abc461B abc461C │
├──────────────────┼────┼───────────────────────────────────────────────────┤
│ week total │ 5 │ │
├──────────────────┼────┼───────────────────────────────────────────────────┤
│ 2026-06-07 (Sun) │ 1 │ abc461C │
│ 2026-06-08 (Mon) │ 1 │ abc144B │
│ 2026-06-09 (Tue) │ 5 │ abc106B abc120B abc122B abc136B abc150B │
│ 2026-06-10 (Wed) │ 1 │ abc057C │
│ 2026-06-11 (Thu) │ 1 │ abc095A │
│ 2026-06-12 (Fri) │ 1 │ sumitrust2019D │
│ 2026-06-13 (Sat) │ 3 │ abc462A abc462B abc462C │
├──────────────────┼────┼───────────────────────────────────────────────────┤
│ week total │ 13 │ │
├──────────────────┼────┼───────────────────────────────────────────────────┤
│ 2026-06-15 (Mon) │ 5 │ APG4bA APG4bPythonA abc128C abc462B abc462D │
│ 2026-06-17 (Wed) │ 3 │ abc145C abc147C abc150C │
│ 2026-06-18 (Thu) │ 2 │ abc054C abc448B │
│ 2026-06-19 (Fri) │ 5 │ abc054C abc245B abc273A abc425B awc0001B │
│ 2026-06-20 (Sat) │ 6 │ abc029C abc153D abc247C abc463A abc463B abc463C │
├──────────────────┼────┼───────────────────────────────────────────────────┤
│ week total │ 21 │ │
├──────────────────┼────┼───────────────────────────────────────────────────┤
│ 2026-06-22 (Mon) │ 2 │ abc292B abc350B │
├──────────────────┼────┼───────────────────────────────────────────────────┤
│ week total │ 2 │ │
└──────────────────┴────┴───────────────────────────────────────────────────┘
It displays your recent AC history as a weekly table.
The following binaries are built.
| OS | binary type | Verified on real device |
|---|---|---|
| Linux | linux-x64 | ✅ |
| Linux | linux-arm64 | |
| macOS | darwin-arm64 | ✅ |
| macOS | darwin-x64 | |
| Windows | win32-x64 | ✅ |
If you have verified acac on a real device other than the ✅ ones, please let us know via an Issue.
If you use another environment, we would appreciate a request/PR on an Issue, but you can also set it up by referring to For Developer Memo.
For supply chain transparency, the distributed artifacts are produced as follows.
nix build .#static).--provenance, OIDC trusted publishing). Each release can be verified back to the workflow run and commit it came from.v*.*.* tags using GitHub Immutable Releases (the release is created by the CI bot, not by hand).acac-<os>-<arch> ships an accompanying .sig (signature) and .pem (certificate), plus a acac.intoto.jsonl SLSA provenance attestation for the release. This is what OpenSSF Scorecard's Signed-Releases checks (Immutable Releases and npm provenance alone do not satisfy it).acac-<os>-<arch> optionalDependency packages, so the main package has no runtime dependencies.FAQs
Show recent AtCoder AC history as a weekly ccusage-style table
The npm package acac-cli receives a total of 357 weekly downloads. As such, acac-cli popularity was classified as not popular.
We found that acac-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.