Free Online Developer Tools
Eleven utilities that you'd otherwise reach for a CLI to do — JSON formatting, regex testing, JWT decoding, base64, hashing, encoding, and more. All run locally in your browser; nothing is ever uploaded, even when you paste a token or a secret.
All developer tools
JSON Formatter & Validator
Pretty-print, minify, and lint JSON — with line/column error reporting.
YAML ↔ JSON Converter
Bidirectional conversion between YAML and JSON, preserving structure.
Regex Tester
Live match, replace, and capture groups against any string.
JWT Decoder
Inspect header and payload of any JSON Web Token without verifying the signature.
Base64 Encoder & Decoder
UTF-8-safe Base64 with standard and URL-safe variants.
Hash Generator
MD5, SHA-1, SHA-256, SHA-384, and SHA-512 from any text input.
Password Generator
Cryptographically secure random passwords with configurable charsets.
QR Code Generator
Encode text or URLs as a downloadable PNG QR code.
URL Encoder & Decoder
Percent-encode and decode URLs and query strings.
Unix Timestamp Converter
Unix epoch ↔ human-readable date in any time zone.
Text Diff
Compare two texts side by side with character-level diffing.
When to use which
Inspecting and reformatting data
For JSON, the JSON formatter handles the day-to-day cases: pretty-printing API responses pasted from Slack, minifying for embedding in a script tag, validating against the strict spec. If your input looks like JSON but rejects, see the JSON vs JSON5 vs JSONC guide — it's probably one of the relaxed dialects. For YAML ↔ JSON conversion (Kubernetes manifests, GitHub Actions workflows, OpenAPI specs), the YAML/JSON converter handles both directions.
Auth and tokens
The JWT decoder shows you the header and payload of any JWT — useful for debugging "why is the user's role wrong?" or "when does this token expire?". It deliberately does not verify the signature; that requires the secret/public key and is a job for your server. See the JWT guide for the structure and common pitfalls.
Encoding and hashing
Base64 is for transport, not security — read the guide if that distinction matters. The hash generator covers the MD5/SHA family for checksums and signatures. URL encoding handles the percent-encoded strings you see in query parameters.
Generators
The password generator uses the Web Crypto API's CSPRNG — safe for actual passwords, not just demos. The QR generator renders a downloadable PNG you can drop into a deck or print.
Diff and pattern matching
Text diff is a fast way to compare two log snippets or two versions of a config file when git isn't handy. The regex tester lets you iterate on a pattern against sample input — see the common patterns guide for starters.
Why browser-based instead of a CLI?
For repeated work in a script, a CLI tool (jq, openssl, base64) is the right answer. For a one-off — paste, inspect, copy, move on — opening a tab is faster than remembering flag syntax. Every tool here is a single static page; first paint is sub-second on any connection, and the tool runs locally so a slow network doesn't matter once it's loaded.
Frequently asked questions
Is it safe to paste tokens or secrets into these tools?
The tools themselves don't transmit anything — you can verify in DevTools' Network tab. That said, organisational security policies vary; some teams discourage pasting production secrets into any third-party tool, even client-side ones. Use your judgement.
Does the JWT decoder verify signatures?
No, intentionally. Verifying a signature requires the issuer's secret (HS256) or public key (RS256/ES256). Decoding the payload doesn't prove anything about the token's authenticity — only the issuer can do that.
Are the password generator and hash output suitable for production?
Yes. The password generator uses crypto.getRandomValues (the Web Crypto CSPRNG). The hash generator uses the Web Crypto SubtleCrypto API for SHA-1/256/384/512. MD5 is computed via a small implementation in JavaScript since it's not part of SubtleCrypto.
Why don't the tools work offline?
They actually do, once loaded — the page is static HTML and the JS runs locally. Refreshing without a network requires the assets in your browser cache, which they will be on the second visit. We may add a service worker for explicit offline use later.
Will you add tools for OpenAPI, GraphQL, or protobuf?
Maybe. The bar is "useful in 30 seconds" — if a tool requires uploading a schema or pasting hundreds of lines of context, it's probably better as a desktop app or IDE plugin. Email [email protected] with what you'd want and how you'd use it.