Free Developer Tools

Format, encode, hash, convert and diff — without pasting production data into someone else's server.

Every developer has done it: an API response is malformed, you paste it into the first JSON formatter that Google offers, and only afterwards does it occur to you that the payload contained a customer's email address, a session token and an internal endpoint. That paste is now in someone's request log. These tools exist so that never has to happen — the parsing, hashing and encoding all run in your browser, and the network tab stays empty.

Reading and fixing data. The JSON Formatter pretty-prints, minifies and validates, and when the JSON is broken it tells you the line and character rather than just saying "invalid". CSV to JSON converts in both directions with delimiter detection, and XML to JSON handles the attribute-versus-child-node ambiguity that makes XML conversion annoying. When two files should be identical but are not, Text Diff shows you exactly where they disagree.

Encoding and identity. Base64 Encode / Decode is UTF-8 safe and works on files as well as text, which is what you need for data URIs and for decoding a JWT payload by hand. The Hash Generator produces MD5, SHA-1, SHA-256 and SHA-512 from text or a file — use it to verify a download's checksum without installing anything. UUID Generator spits out up to 500 v4 identifiers at once, and Unix Timestamp Converter settles the eternal "is this seconds or milliseconds?" argument.

Scaffolding. Fake Data Generator produces realistic mock records as JSON, CSV, SQL INSERT statements or a TypeScript interface — enough to populate a table or a Storybook fixture without writing a seeding script. Lorem Ipsum fills the layout, and Case Converter rewrites a list of names into camelCase, snake_case or SCREAMING_SNAKE without a regex you will regret.

All developer tools

Popular in this category

Developer tool FAQ

Is it safe to paste production data or a token into these tools?

Safer than any server-side equivalent, because nothing you type is transmitted. Every tool in this category runs as JavaScript in your tab — you can confirm it by opening DevTools, switching to the Network panel and watching that no request fires when you hit Format or Hash. That said, the sane habit remains: redact real secrets where you can, and never paste a live private key into any web page, ours included.

How is MD5 available in the browser if the Web Crypto API does not support it?

It does not, and that is deliberate on the standards side — MD5 is cryptographically broken and unsuitable for signatures or passwords. But it is still everywhere as a file checksum, so the Hash Generator ships a small pure-JavaScript MD5 implementation alongside the native SHA-1, SHA-256 and SHA-512 from crypto.subtle. Use MD5 to verify a download matches its published checksum; use SHA-256 for anything that matters.

Are the generated UUIDs actually random?

Yes. The UUID Generator draws from crypto.getRandomValues(), the browser's cryptographically secure random source, rather than Math.random(). The output is standard RFC 4122 version 4 — 122 random bits, which is enough that collisions are not a practical concern even across billions of identifiers.