mcp2py
Verified Safeby snowlxrd
Overview
A high-performance, server-rendered Next.js application designed to function as a headless e-commerce storefront, primarily integrated with Shopify.
Installation
pnpm devEnvironment Variables
- COMPANY_NAME
- SHOPIFY_REVALIDATION_SECRET
- SHOPIFY_STORE_DOMAIN
- SHOPIFY_STOREFRONT_ACCESS_TOKEN
- SITE_NAME
- TWITTER_CREATOR
- TWITTER_SITE
- NEXT_PUBLIC_VERCEL_URL
Security Notes
The application follows standard Next.js security practices, utilizing environment variables for sensitive Shopify API keys (`SHOPIFY_STOREFRONT_ACCESS_TOKEN`) and a revalidation secret (`SHOPIFY_REVALIDATION_SECRET`). These are validated at runtime and in the revalidation webhook handler to prevent unauthorized cache purging. The use of `dangerouslySetInnerHTML` for JSON-LD schema (product structured data) and general HTML content (e.g., product descriptions, pages) is present. While common for displaying CMS-managed content, it introduces a potential XSS vulnerability if the content fetched from Shopify is not adequately sanitized by the source system or if the application were to use untrusted HTML inputs elsewhere.
Similar Servers
mcp-handler
A Vercel adapter for the Model Context Protocol (MCP), enabling real-time communication between web applications and AI models.
turn-based-game-mcp
Provides an AI opponent for turn-based games via the Model Context Protocol (MCP).
toolhive-cloud-ui
A Next.js application for visualizing Model Context Protocol (MCP) servers and providing easy URL copying for integration with AI agents.
Hey-Sanka
This is a Next.js web application, likely serving as a frontend or full-stack platform.