Developer Tools Hub

A single place for the small utilities you reach for a dozen times a day — cron, regex, encoding, formats, and time. Everything runs in your browser; nothing you paste here leaves it.

FAQ

About the Tools

Is my data safe? Does anything leave my browser?

Tool input never leaves your browser. Every tool — cron parser, regex tester, JWT decoder, hash generator, and the rest — runs entirely in client-side JavaScript. No input is sent to any server, logged, or stored.

The site uses Google Analytics 4 to track page visits (not content). Google receives anonymised usage data such as which pages were loaded. See the Privacy Policy for full details.

Does it work offline?

Mostly. All tools run locally once the page is loaded. If you lose connectivity mid-session, every tool already on the page continues to work. Google Fonts, the js-yaml library (served from cdnjs), and Google Analytics require internet access — if fonts fail to load the page still functions with a system monospace fallback.

For guaranteed offline use, save the page to disk and open it locally.

Cron Expression Editor & Verifier

What it does: Parses a standard 5-field Unix cron expression into plain English and calculates the next five scheduled run times from the current moment.

When to use it: Before deploying a cron job to confirm the schedule is correct, or to decode an existing expression you didn't write. Especially useful for expressions with ranges and steps like */15 9-17 * * 1-5 ("every 15 minutes, 9 am–5 pm, weekdays").

⚠ Results reflect standard Unix cron semantics. systemd timers, AWS EventBridge, Quartz Scheduler, and other platforms have their own variations. Always verify in your target environment before deploying.

Data Format Converter (JSON · YAML · CSV)

What it does: Converts data between JSON, YAML, and CSV. Powered by js-yaml for YAML parsing and a lightweight CSV implementation for flat arrays.

When to use it: Converting a JSON config file to YAML for a CI pipeline, translating an API response into CSV for spreadsheet analysis, or moving between Kubernetes/Docker Compose manifest formats.

⚠ CSV conversion assumes a flat structure (array of objects with scalar values). Nested objects or arrays will be stringified. Round-tripping through CSV may lose type information (numbers become strings).

Regex Tester & Visualizer

What it does: Tests a regular expression against a sample string, highlights every match inline, and lists each capture group with its position and value.

When to use it: Writing and debugging patterns before adding them to production code — validation, log parsing, find-and-replace operations. Supported flags: g global · i case-insensitive · m multiline · s dotAll · u unicode · y sticky.

⚠ Uses the JavaScript RegExp engine. Patterns from Python re, PCRE (PHP/Perl), or Go regexp may behave differently — especially around lookaheads, named groups, and backreferences.

Base64 Encode / Decode

What it does: Converts text to Base64 or decodes Base64 back to text. Unicode input is handled correctly via UTF-8 encoding before conversion.

When to use it: Reading Authorization: Basic … headers, inspecting JWT payloads manually, creating data: URIs, or passing binary-safe strings through JSON or query parameters.

⚠ Base64 is encoding, not encryption. Anyone who sees the encoded string can decode it instantly. Never use Base64 to conceal sensitive data.

JWT Decoder

What it does: Splits a JSON Web Token (header.payload.signature) into its three Base64URL-encoded parts and displays the header and payload as formatted JSON. If an exp claim is present it shows whether the token is currently expired.

When to use it: Debugging auth issues — checking which claims an identity provider issued, confirming token expiry, or inspecting the algorithm (alg) and key ID (kid) in the header.

Token structure: The header names the algorithm; the payload carries the claims (subject, issuer, expiry, custom fields); the signature is used by servers to verify integrity — this tool does not check it.

⚠ This tool does not verify the signature. A decoded token is not a validated token. Do not paste real production or session tokens — treat them as sensitive credentials.

UUID Generator

What it does: Generates version-4 UUIDs using crypto.randomUUID() — the browser's cryptographically secure random number generator. You can generate 1 to 50 at a time.

When to use it: Creating unique identifiers for database primary keys, idempotency keys, correlation IDs, test fixtures, or any situation that needs a value that is globally unique and won't collide.

⚠ V4 UUIDs are random and collision-resistant but they are not secret keys or passwords. Do not use a UUID as a secret, API token, or cryptographic key — their format is publicly known.

Timestamp Converter

What it does: Converts between Unix timestamps (integer seconds since 1970-01-01T00:00:00 UTC), ISO 8601 date-time strings, and human-readable local time in your current timezone.

When to use it: Decoding a timestamp from an API response or log file, generating a specific Unix value for a test payload, or checking when a JWT was issued (iat) or expires (exp).

⚠ All output uses your browser's local timezone. The UTC offset is shown in the result. For timezone-critical work, confirm the offset matches your target environment.

Hash Generator (SHA-256 / SHA-1)

What it does: Produces the SHA-256 or SHA-1 hex digest of any text you enter, using the browser's built-in crypto.subtle.digest() API. Requires a secure context (HTTPS or localhost).

When to use it: Verifying file integrity by comparing digests, generating a content hash for an ETag, checking that a value matches a known digest, or exploring what hashes look like.

SHA-256 vs SHA-1: SHA-1 is cryptographically broken for collision resistance and should not be used in new security contexts. Default to SHA-256.

Do not use these for passwords. SHA-256 is not a password hashing function — it is fast by design, which makes it trivial to brute-force. Use bcrypt, Argon2, or scrypt for password storage.

Color Converter (HEX · RGB · HSL)

What it does: Takes a hex color code and converts it to its RGB and HSL equivalents with a live color swatch so you can see the actual color at a glance.

When to use it: Translating a design token from one format to another, writing CSS custom properties, or identifying an unfamiliar hex value copied from a design file or screenshot.

Format guide: #rrggbb or #rgb hex shorthand · rgb(r, g, b) where each channel is 0–255 · hsl(h, s%, l%) where hue is 0–360° and saturation/lightness are percentages.

⚠ Output values are rounded to the nearest integer. Minor rounding differences may appear when converting back. For pixel-perfect colour-critical work, use a dedicated colour management tool.

URL Encoder / Decoder

What it does: Applies percent-encoding (equivalent to JavaScript's encodeURIComponent) to a string, or decodes percent-encoded sequences back to plain text.

When to use it: Building query strings that contain spaces or special characters, debugging a URL that looks garbled in a log, or reading an encoded redirect parameter.

⚠ This tool encodes the entire input as a URI component — scheme, slashes, and all. If you want to encode only the query-parameter values of a full URL, paste each value individually rather than the whole URL.