freesewing/markdown/org/blog/roundup-2018-11/en.md

---
author: "joostdecock"
caption: "Your login background for December"
date: "2018-11-30"
intro: "Monthly roundup - November 2018: New showcases and a (false) security alarm"
title: "Monthly roundup - November 2018: New showcases and a (false) security alarm"
---
This is your monthly roundup of the freesewing news of the last four weeks,
and a look at what lies ahead in the next month.

## Looking back at November

I have been very busy this month, but more about that in our roundup post for the year
which you can expect on December 10th.

Because I've been busy, a few showcase posts had fallen through the cracks.
I've cleared the backlog in my inbox now, and as a result we have
[a new Bruce showcase by Felix](/en/showcase/bruce-three-pack) and
[a new Sandy showcase by Karin](/en/showcase/sandy-by-karin).
If you've made one of our patterns, make sure to send in your pictures
so we can add them too. I mean, even if it takes a while, I do eventually
get around to it :)

Earlier this week, I woke to the unsettling news that a popular package on
NPM [had been hijacked by malicious actors](https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/).
That's obviously shitty behaviour, but the fact that this package is a dependency
of our backend (as in, we use it) made for a rude awakening.

Our backend was patched by the time I got to work (yay for trains), but as more information
came to light, it turned out it was never a problem in the first place.

For one thing, the dependency was a so-called development dependency: code that is included
while developing, but not included in the production build.
Furthermore, the malicious actors were targeting a very specific set of people in order
to make off with their bitcoin, so there was never an issue.

As the story was developing, we
[posted updates on Twitter](https://twitter.com/freesewing_org/status/1067312509672177664)
so if you want to make sure you hear all the latest news, make sure to follow
[@freesewing_org](https://twitter.com/freesewing_org) on Twitter.

## Looking ahead to December

In early December we traditionally do our yearly roundup, so more on that soon :)