Strapi Market Guidelines

Make Strapi Awesome

dots
triangle


Quick links
Security & Legal
Business
Design
Tech

Why build on Strapi?

Strapi is the leading open-source headless CMS used by millions of people all over the world. The needs of the community are becoming more diverse and complex. To unleash this potential we want to create and support a strong plugin ecosystem.

How to create Strapi plugins?

Build any plugin thanks to the redefined Plugin API coming with the v4. Easily design the plugin interface using the Strapi Design System and UI kit.

What's Strapi Market?

Strapi Market is the official and trusted place where people can access all the submitted plugins. Anyone is free to add their plugin to the marketplace. Our team will review the plugins and highlight the verified ones to give them maximum visibility. This is a foundational step to empower developers to get paid for their contributions in the future.



bag.png

Before you submit

Strapi strongly encourages projects developed by the community. All plugins will undergo a review process and will appear on the Marketplace. When and only when, all of the steps are approved, the submission will be displayed with an extra “verified” badge that will give it maximum visibility.

Please review these rules before beginning development to ensure your submission is approved and published on Strapi Market as quickly as possible:

  • Make sure all the requested information is complete and accurate.
  • Test your project for crashes and bugs.

The Strapi team will review the submission as soon as possible. The first review can be expected within 7 business days. Every notification will be sent via the provided email and Strapi will keep you updated if any changes are required.



bricks.png

Strapi users must feel confident when installing anything coming from Strapi Market. Strapi will not allow any submissions that are aimed to be malicious or damaging to the users or their work.

Please make sure to comply with the following rules:

  • Data collection Secrets or credentials from Strapi must not be collected.
  • Credential storage Your package must be handled appropriately as described in the Open Web Application Security Project if it stores its own credentials, such as passwords.
  • Common vulnerabilities protection Your package must be protected from common web security vulnerabilities, including but not limited to the OWASP top 10 vulnerabilities.
  • Endpoints protection Your package must not expose sensitive APIs through unprotected endpoints.
  • Dependencies The plugin's dependencies should be up to date and not contain any known vulnerabilities. Run npm audit or yarn audit to check for vulnerabilities.


puzzle.png

Business

These are the prerequisites for your plugin or provider to be accepted on Strapi Market.

Each item can be modified afterward by sending an email to market@strapi.io with the requested changes.

  • Make your code accessible through npm The submission has to be hosted in a public npm registry.
  • Choose the MIT license Please make sure your plugin is under MIT License.
  • Give the submission a clear and representative name Please avoid naming the project anything that implies Strapi's endorsement. This also applies to domain names.
  • Add a logo or image Add a representative image or logo, to make the submission easily identifiable. A placeholder will be provided, in case the box is left empty. The image must be in JPG or PNG format. We recommend a size around 160×160px to ensure the best quality.
  • Provide a short and clear description Briefly explain what the project does, and how it can help others in the Strapi community. The description must contain between 50 and 150 characters. Please use capital letters sparingly.
  • Write a substantial readme Make sure your readme contains all useful information for the package users, such as what it does, how to install and configure it, the prerequisites if there are any, etc.
  • Agree to the Terms & Conditions Strapi Terms & Conditions must be agreed upon to make a submission.


bag.png

Design

Strapi created a whole Design System to help craft your own projects while providing a seamless experience for the users.

  • User Interface

The project should follow the minimum standards given by the Design System, in terms of user experience and interface, in order to be approved. All necessary guidelines are available on the Design System website and the component library (see “Docs” tab).

Note: Buffet.js is a deprecated library used for v3 and which no longer exists in v4.

  • User experience

Strapi highly values clarity and consistency. The submission should fit in the whole Strapi experience.

By default, every plugin has a settings page. The project configuration should be done as much as possible through the UI to make it more accessible for anyone.

https://github.com/rgesulfo/rfcs/raw/plugin-design-guidelines/rfcs/00xx%20-%20plugin-design-guidelines/assets/injection-zones.png

Injection Zones

When it comes to meeting the community’s needs, Strapi could be really customizable. Additional information, fields, buttons, and so on, could be added to specific parts of the product thanks to “injection zones” (IZ). More are to be added, but we can currently count:

  1. Global
  • Tutorial links: Additional information or links could be added to this very specific part of Strapi. Example: Blog post link
  1. Content Manager — List View of a Collection type
  • Actions (top-right corner): Dedicated to buttons, filters, or select inputs. Example: Locale select (Internationalization), configure the view, …
  • Column in the table: Dedicated to short texts or icon button(s). Example: SEO score, rating,
  • Deletion modal: Some extra information can be added to the deletion modal.
  1. Content Manager — Edit View of an entry
  • First box of the right panel: Add additional information or potential actions. Strapi recommends staying concise and straightforward as the given space is small. Example: Last update, date of publication, …
  • Below the right panel: Possibility to add a vast choice of buttons. Example: Preview, configure the view, …


bricks.png

Tech

Thanks to the redefined Plugin API brought by Strapi v4, anyone is free to submit their idea(s) and project(s) to the Strapi marketplace.

General

  • The plugin MUST be publicly available on npm. Learn how to publish a package on npm.
  • The plugin MUST contain a README.md file that clearly explains how to install and use the plugin. The README MUST be written in English.
  • The plugin MUST alert the user if it is tracking any usage data and it MUST provide a way to opt out.
  • The plugin MUST be completely free to use. The plugin, or any of its features, cannot be blocked by an offsite or third-party paywall. (Paid plugins will be available in the future with additional guidelines)
  • Plugins MUST be compatible with Strapi v3 or v4.
  • New plugins SHOULD be built for Strapi v4 (Learn more on migrating plugins from v3 to v4).
  • Plugins compatible with Strapi v4 MUST use the Strapi Design System for the UI.
  • Plugins compatible with Strapi v3 SHOULD use the Buffet Component Library for the UI.
  • Plugins compatible with Strapi v3 MUST have strapi as a peerDependency in their package.json
  • Plugins compatible with Strapi v4 MUST have @strapi/strapi as a peerDependency in their package.json
  • The code MUST be readable and easy to understand.
  • The owner of the plugin MUST provide instructions for submitting issues.

Security

  • A plugin MUST not collect any secrets or credentials from Strapi.
  • If the plugin stores its own credentials, such as passwords, then these credentials MUST be handled appropriately as described on the Open Web Application Security Project.
  • The plugin MUST be protected from common web security vulnerabilities, including but not limited to the OWASP top 10 vulnerabilities.
  • The plugin's dependencies SHOULD be up to date and not contain any known vulnerabilities. Run npm audit or yarn audit to check for vulnerabilities.
  • A plugin MUST NOT expose sensitive APIs through unprotected endpoints.

Ready to share your work with the world?