FigmaMind MCP Server
by joao-loker
# Security
This document contains the guidelines for keeping the FigmaMind project, and the Figma data it handles, secure.
## Secret Management
### API Tokens
The project uses a Figma API token to access files and assets. Because that token acts as your Figma account:
1. **NEVER commit tokens or API keys to the repository**
2. **ALWAYS store tokens in a `.env` file** (this file is listed in `.gitignore`)
3. **DO NOT share your API token in forums, chats, or public documentation**
### Secure Configuration Process
1. Copy `.env.example` to `.env` (`.env` is ignored by git; keep only placeholder values in `.env.example`)
2. Add your tokens and other sensitive variables to `.env`
3. Load these variables with the `dotenv` package at startup, and fail fast if a required one is missing:
```javascript
require('dotenv').config(); // loads .env into process.env; does not override variables already set
const token = process.env.FIGMA_TOKEN;
if (!token) throw new Error('FIGMA_TOKEN is not set; copy .env.example to .env'); // fail fast, never log the value
```
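Putting the steps above together, as an added example that is not the project's own code: this script loads and validates `FIGMA_TOKEN` from `.env`-style text without ever printing the secret, and adds a pre-commit style scan for token values that should never be committed. The names `parseDotenv`, `loadFigmaToken`, `redact` and `findTokenAssignments`, the sample `.env` content and its token value are all constructed for the example; the small parser stands in for `require('dotenv').config()` only so the file runs stand-alone, and supports just the `KEY=VALUE` subset shown in this document.

```javascript
// Added example, not FigmaMind project code: load and validate FIGMA_TOKEN
// from .env-style text without ever printing the secret. A minimal parser
// for the dotenv subset used here (KEY=VALUE, # comments, optional quotes)
// stands in for require('dotenv').config() so the file runs on its own.

// Constructed sample .env content; the token value is made up.
const SAMPLE_ENV = [
  '# Figma personal access token (the real .env is never committed)',
  'FIGMA_TOKEN="figd_EXAMPLE_not_a_real_token_0123456789"',
  'PORT=3000',
].join('\n');

// Parse KEY=VALUE lines, skipping blanks and # comments and stripping one
// layer of matching quotes. Unlike dotenv it does not expand ${VAR} or
// handle multi-line values.
function parseDotenv(text) {
  const env = {};
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === '' || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    if (value.length >= 2 && (value[0] === '"' || value[0] === "'") &&
        value[value.length - 1] === value[0]) {
      value = value.slice(1, -1);
    }
    if (/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) env[key] = value;
  }
  return env;
}

// Log-safe form of a secret: short prefix plus length, never the value.
function redact(secret) {
  if (typeof secret !== 'string' || secret.length < 8) return '[redacted]';
  return `${secret.slice(0, 4)}...(${secret.length} chars)`;
}

// Resolve the token, letting a real environment variable win over the file
// (the same precedence dotenv uses), and fail fast with a message that does
// not echo the secret.
function loadFigmaToken(fileEnv, processEnv = {}) {
  const token = processEnv.FIGMA_TOKEN ?? fileEnv.FIGMA_TOKEN;
  if (token === undefined || token === '') {
    throw new Error('FIGMA_TOKEN is not set; copy .env.example to .env and fill it in');
  }
  if (/\s/.test(token)) {
    throw new Error(`FIGMA_TOKEN ${redact(token)} contains whitespace; check quoting in .env`);
  }
  return token;
}

// Pre-commit style check for "never commit tokens": report lines that assign
// a real-looking value to FIGMA_TOKEN. Placeholders as used in .env.example
// (empty, <angle brackets>, your_token_here, changeme) are allowed.
const PLACEHOLDER = /^(|<.*>|your[_-].*|changeme|xxx+)$/i;
function findTokenAssignments(text) {
  const hits = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const m = line.match(/^\s*(?:export\s+|const\s+|let\s+|var\s+)?FIGMA_TOKEN\s*[=:]\s*["']?([^"'\s]*)/);
    if (m && !PLACEHOLDER.test(m[1])) hits.push({ line: i + 1, value: redact(m[1]) });
  });
  return hits;
}

// Demo on the constructed sample: returns the redacted token for display.
function demo() {
  const token = loadFigmaToken(parseDotenv(SAMPLE_ENV));
  return redact(token);
}

console.log(demo());
console.log(findTokenAssignments('FIGMA_TOKEN=your_token_here\nFIGMA_TOKEN=figd_abcdefghijkl'));
```

Run `findTokenAssignments` over staged files in a pre-commit hook to catch a real token pasted into `.env.example`, a config file, or source; it reports only the line number and the redacted value, so the hook output itself is safe to share.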
## Figma API Permissions
The Figma API token acts as your Figma user and can read every file that user can access. Therefore:
1. Create a token with the minimum scope your use case needs
2. Revoke unused tokens on the Figma settings page, and immediately revoke any token that may have been exposed
3. Rotate your tokens periodically (every 3-6 months is recommended)
## Development Environment Security
1. Keep Node.js and npm up to date to avoid known runtime vulnerabilities
2. Run `npm audit` regularly to check dependencies for known vulnerabilities, and commit `package-lock.json` so that `npm ci` installs exactly the versions you audited
3. Use a version manager such as nvm to control which Node.js version each environment uses
## Data Privacy
The FigmaMind project does not collect end-user data. However, the data pulled from Figma files may itself be sensitive, for example:
1. Proprietary project names
2. Copyrighted designs and images
3. URLs and references to internal resources
Review generated JSON files and extracted assets before sharing them outside your team, as they may carry this proprietary information.
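One way to make that review systematic, as an added example that is not part of the project: walk a generated export and redact every URL that points at an internal resource before the JSON is shared, returning a list of what was removed for a human to review. The export structure, the function names `scrubForSharing` and `isInternalHost`, and the definition of "internal" (loopback, RFC 1918 addresses, `.local`, and the assumed `INTERNAL_DOMAINS` list) are all assumptions for the example; proprietary names and copyrighted images cannot be detected mechanically and still need manual review.

```javascript
// Added example, not FigmaMind project code: redact internal URLs from a
// generated export before it leaves the team. What counts as "internal" is
// an assumption here; adjust INTERNAL_DOMAINS for your organization.
const INTERNAL_DOMAINS = ['corp.example', 'internal'];

// Matches http(s) URLs inside free text (stops at whitespace and quotes).
const URL_RE = /\bhttps?:\/\/[^\s"'<>)]+/g;

// Loopback, RFC 1918 ranges, .local names, and the assumed internal domains.
function isInternalHost(host) {
  const h = host.toLowerCase();
  if (h === 'localhost' || h.endsWith('.local')) return true;
  if (/^10\.|^192\.168\.|^172\.(1[6-9]|2\d|3[01])\.|^127\./.test(h)) return true;
  return INTERNAL_DOMAINS.some(d => h === d || h.endsWith('.' + d));
}

// Replace internal URLs in one string, recording each removal with the
// JSON path it came from so a reviewer can see what was stripped.
function scrubUrls(text, findings, path) {
  return text.replace(URL_RE, (url) => {
    let host;
    try { host = new URL(url).hostname; } catch { return url; }
    if (!isInternalHost(host)) return url;
    findings.push({ path, host });
    return '[internal-url-redacted]';
  });
}

// Recursively copy the export, scrubbing every string; the input is not
// mutated. Paths use $.key[index] notation.
function scrubExport(value, findings, path = '$') {
  if (typeof value === 'string') return scrubUrls(value, findings, path);
  if (Array.isArray(value)) return value.map((v, i) => scrubExport(v, findings, `${path}[${i}]`));
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = scrubExport(v, findings, `${path}.${k}`);
    return out;
  }
  return value;
}

function scrubForSharing(exportJson) {
  const findings = [];
  const scrubbed = scrubExport(exportJson, findings);
  return { scrubbed, findings };
}

// Constructed sample export (shape is illustrative, not the project's schema).
const SAMPLE_EXPORT = {
  name: 'Project Phoenix (internal codename)',
  nodes: [
    { id: '1:2', type: 'TEXT', characters: 'Spec: http://wiki.corp.example/phoenix/spec' },
    { id: '1:3', type: 'LINK', url: 'https://www.figma.com/file/abc/Phoenix' },
    { id: '1:4', type: 'TEXT', characters: 'Staging at http://10.0.4.12:8080/login' },
  ],
};

const { scrubbed, findings } = scrubForSharing(SAMPLE_EXPORT);
console.log(JSON.stringify(findings));
console.log(JSON.stringify(scrubbed, null, 2));
```

The public Figma link is left intact while the wiki and staging URLs are replaced; the `findings` list (path and host only) is what a reviewer checks before the scrubbed file is shared. The project name in the sample is exactly the kind of proprietary detail this cannot catch.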
## Reporting Security Issues
If you discover a security vulnerability in this project, please:
1. **DO NOT disclose it publicly** through GitHub issues
2. Contact the project maintainers directly
3. Provide details about the vulnerability and, if possible, steps to reproduce it
## Security Contribution Guidelines
When contributing code to this project:
1. Do not add unnecessary dependencies; each one widens the supply-chain attack surface
2. Check that your code does not introduce vulnerabilities (run `npm audit` and review how untrusted input is handled)
3. Keep tokens and keys in environment variables, never hardcoded in source or committed files
4. Validate and sanitize input received from MCP clients before it is used in file paths, Figma API requests, or any other operation
By following these guidelines, we can keep the project secure for all users and developers.