Blog · Key Management & Security

Simplifying API Key Management

Practical security insights and product updates from the team building safer, simpler key management for modern APIs.

April 4, 2026 • 5 min read • API Stronghold Team

npm postinstall Scripts Can Read Your .env. Most Projects Let Them.

The strapi-plugin-events attack used a postinstall hook to exfiltrate secrets. This vector isn't new. What's new is how often it works.

supply chain npm API keys secrets management credential security

March 31, 2026 • 6 min read • API Stronghold Team

NPM Supply Chain Attack: Why Expiring Tokens Beat Rotation

Axios fell to a persistent maintainer token that leaked and enabled credential theft. When attackers move in minutes and rotation takes days, expiration is the only math that works.

supply-chain api-keys npm credentials

Page 1 of 1

Previous Next

Simplify secrets management

Join thousands of developers who trust API Stronghold for secure, simplified key management.

Start Free — No Credit Card Required