This is your monthly roundup of the freesewing news of the last four weeks, and a look at what lies ahead in the next month.
Looking back at November
I have been very busy this month, but more about that in our roundup post for the year which you can expect on December 10th.
Because I’ve been busy, a few showcase posts had fallen through the cracks. I’ve cleared the backlog in my inbox now, and as a result we have a new Bruce showcase by Felix and a new Sandy showcase by Karin.
If you’ve made one of our patterns, make sure to send in your pictures so we can add them too. I mean, even if it takes a while, I do eventually get around to it :)
Earlier this week, I woke to the unsettling news that a popular package on NPM had been hijacked by malicious actors.
That’s obviously shitty behaviour, but the fact that this package is a dependency of our backend (as in, we use it) made for a rude awakening. Our backend was patched by the time I got to work (yay for trains), but as more information came to light, it turned out it was never a problem in the first place.
For one thing, the dependency was a so-called development dependency. Code that is included while developing, but not included in the production build.
Furthermore, the malicious actors were targetting a very specific set of people in order to make off with their bitcoin, so there was never an issue.
As the story was developing, we posted updates on Twitter so if you want to make sure you want to hear all the latest news, make sure to follow @freesewing_org on Twitter.
Looking ahead to December
In early December we traditionally do our yearly roundup, so more on that soon :)