Dev Tools
Free Developer Tools & Utilities
21 in-browser utilities for JSON, regex, CSV, color, encoding and CSS. Everything runs client-side — nothing you paste leaves your device. No sign-up, no install, paste-and-go.
Twenty-one utilities you can open in a tab and use immediately. No accounts, no upload pipeline, no telemetry on the payload — every tool runs entirely in the browser, so a JSON blob, a log fragment, an API response, a CSV from your CRM, or an internal config file never gets shipped to a remote server. That matters when you are pasting things you do not want logged.
The lineup covers the categories you actually reach for during a workday: JSON formatting, validation, and minification; regex testing with named capture groups and flag toggles; colour manipulation across HEX, RGB, HSL and the wider Display-P3 gamut; CSS generators for gradients and layered box-shadow; encoding helpers for base64 and URL components; hash and UUID generation via the Web Crypto API; and text processing for diff, markdown preview, CSV-to-JSON, and ASCII art.
The sharper edges of these tools matter. Regex catastrophic backtracking on inputs like (a+)+$ against a long non-matching string can lock a thread for seconds — the tester surfaces match time so you spot it before it ships. JSON5 with trailing commas and unquoted keys is not strict JSON; the formatter rejects it with a precise offset. encodeURI and encodeURIComponent behave differently on reserved characters like ?, &, = and / — get them wrong and your URL silently corrupts. CSV files exported from Excel often start with a UTF-8 BOM (EF BB BF) that turns the first column header into name; the converter strips it. sRGB versus Display-P3 matters when you target newer phones — the colour tools show both gamuts so you do not commit a value that clips. Use them like you'd use a scratch buffer.
Tools
Data & Encoding
Parse, transform, and validate the formats you ship between systems.
JSON Formatter
Format, minify, and validate JSON with two-space indent, error offsets, and node counts. Strict parser — surfaces trailing commas and unquoted keys.
CSV to JSON Converter
Convert CSV to a JSON array of objects. Strips UTF-8 BOM, handles quoted fields with embedded commas, and lets you pick the delimiter.
URL Encoder / Decoder
Round-trip strings through
encodeURIComponent and base64. Handy for fixing query strings and inspecting Authorization headers.Hash Generator
MD5, SHA-1, SHA-256, SHA-384, and SHA-512 via the Web Crypto API. Useful for verifying file integrity and generating ETag-style cache keys.
UUID Generator
Generate v1 (timestamp), v4 (random), and bulk batches. Backed by
crypto.randomUUID() for cryptographically strong v4 output.Regex & Text
Pattern-match, diff, and preview without firing up a sandbox project.
Regex Tester
Live match highlighting, named capture groups, all flags (
gimsuy), and per-test execution time so you can spot catastrophic backtracking early.Diff Checker
Side-by-side text comparison with line and word-level diffs. Drop two snippets, log fragments, or config versions to see exactly what changed.
Markdown Preview
Live GitHub-flavoured markdown preview with code fences, tables, task lists, and HTML escaping. No round-trip to a build pipeline.
ASCII Art Generator
Convert text and images to ASCII. Useful for CLI banners, README headers, and PR comments where you want a little personality.
CSS & Color
Generate the design-system values you'd otherwise hand-tune in DevTools.
Color Converter
Convert across HEX, RGB, HSL, HSV, CMYK, and Display-P3. Click-to-copy CSS values with sRGB and P3 gamut warnings.
Color Picker
HSL-first picker with alpha, contrast checking against a chosen background, and instant CSS output in any format.
Color Palette Generator
Build complementary, analogous, triadic, and tetradic palettes from a base hue. Export the full palette as CSS custom properties.
CSS Gradient Generator
Linear, radial, and conic gradients with multi-stop colours, angle control, and one-click
background-image output.CSS Box Shadow Generator
Layer multiple shadows, tweak offset / blur / spread / inset, and copy production-ready
box-shadow values.Favicon Generator
Generate a complete favicon set (16, 32, 48, 180, 192, 512) plus the
<link> tags. Upload an image or compose from emoji.Math & Layout
Arithmetic helpers and small generators for everyday layout work.
Aspect Ratio Calculator
Lock width or height to common ratios (16:9, 4:3, 1:1, 21:9) and snap to clean integers. Saves the napkin math when resizing media.
QR Code Generator
Encode URLs, Wi-Fi credentials, vCards, or arbitrary text. Configurable error correction and SVG/PNG export.
Cron Expression Builder
Build five-field cron strings with a human-readable summary and the next several fire times. Stops you from accidentally scheduling for 3 AM.
Security & Network
Generate, audit, and look up — without piping anything through a stranger's server.
Password Generator
Cryptographically random passwords with character class controls and entropy reporting. Generated with
crypto.getRandomValues().Password Strength Checker
Measures entropy in bits, flags common patterns and dictionary words, and estimates crack time at realistic GPU rates. Runs entirely offline.
What's My IP?
Public IPv4 and IPv6 lookup with rDNS, ASN, and approximate location. Useful for firewall allowlists and quick VPN sanity checks.
FAQ
Questions developers actually ask
Real answers to the kind of edge cases that bite you on a Friday afternoon deploy.
Does anything I paste into these tools get sent to a server?
No. Every tool in this collection runs entirely in your browser — the JSON, regex, CSV, colour value or password you paste is processed locally in JavaScript and never leaves your device. The single exception is What's My IP?, which by design needs to make an outbound request to determine your public address. That makes the rest of these tools safe for paste-sensitive content like API responses, log fragments containing customer data, internal config, or staging credentials. If a tool fetches anything, it'll be obvious from what the tool does.
Why isn't my regex matching across newlines?
In JavaScript regex, the
. metacharacter does not match newline characters by default. You have two options. The cleaner one is the s flag (dotAll), which makes . match every character including \n — supported in all modern engines. The portable alternative is [\s\S], a character class that matches any character at all and works in older environments. Use s when you control the runtime; use [\s\S] when you need to support legacy targets like older Node versions or constrained worker contexts.What's the difference between encodeURI and encodeURIComponent?
encodeURI is for whole URLs and intentionally leaves reserved characters alone — :, /, ?, #, &, = all pass through unencoded because they have structural meaning in a URL. encodeURIComponent encodes those reserved characters too because it expects a single component (a query parameter value, a path segment) where ? or & would corrupt the structure. Rule of thumb: if you're building a query string by concatenating ?key= + value, use encodeURIComponent on the value. Use encodeURI only for an already-structured URL you want to make safe.Why does my CSV import have weird characters in the first column?
Almost always a UTF-8 byte order mark — three bytes (
EF BB BF) that Excel and some Windows tools prepend to UTF-8 files. Naive CSV parsers read those bytes as the start of the first header, so you end up with name instead of name and your downstream code can't find the column. The fix is to strip the BOM before parsing: read the first three bytes, drop them if they match EF BB BF, and continue. The CSV-to-JSON converter does this automatically, but if you're rolling your own, it's the first thing to check when "the column is right there but my code says undefined".What's the practical difference between sRGB and Display-P3?
sRGB is the colour space the web has used since forever — roughly the gamut of a 1996 CRT. Display-P3 is wider, especially in saturated reds and greens, and is what modern Apple displays, recent iPhones, and most current laptops actually render. A vivid red specified in P3 will look richer on those screens; on an sRGB-only display the browser clips it to the closest sRGB colour. CSS now supports
color(display-p3 r g b). If your brand colours include saturated reds or greens, mocking them in P3 is worth it — but always provide an sRGB fallback for older monitors and Windows machines without colour management.How do I detect catastrophic backtracking in my regex?
The classic shape is nested quantifiers over an overlapping pattern —
(a+)+, (a|a)*, (.*)* — applied to a long string that almost matches but ultimately doesn't. The engine retries every combination of subdivisions and time grows exponentially with input length. Two practical defences. First: time your matches against worst-case inputs; if a 100-character string takes more than a few milliseconds, something's wrong. The Regex Tester reports execution time for exactly this reason. Second: rewrite with possessive groups, atomic groups, or by anchoring the pattern so it can't backtrack. If you can switch engines, RE2 (used by Go and available as a JS port) guarantees linear time at the cost of dropping backreferences.Is JSON5 the same as JSON?
No. JSON5 is a superset that allows trailing commas, unquoted keys, single-quoted strings, hex numbers, and comments — all things strict
JSON.parse rejects. It's convenient for human-edited config (think Babel or webpack configs), but it's not interoperable. If you ship JSON5 to a service expecting JSON, the parse will fail. The JSON Formatter on this site is strict by design — that's what catches the trailing comma you didn't notice. If you specifically need JSON5 parsing, do the conversion in your build step rather than relying on the wire format.Are the password and UUID generators cryptographically strong?
Yes, on any reasonably modern browser. Password Generator pulls bytes from
crypto.getRandomValues() and maps them into the chosen character class without modulo bias. UUID v4 uses crypto.randomUUID() when available (which is itself defined to use a CSPRNG), with a getRandomValues fallback for older targets. Neither uses Math.random(), which is not suitable for anything security-relevant. The generated values are safe for production use cases like API keys, session tokens, and database row IDs.