Developer Utility Tools: Format, Encode, Test, and Hash in the Browser
Every developer maintains a mental toolkit of small utilities they reach for dozens of times a week: something to format a blob of JSON, something to decode a URL, something to test a regular expression. This guide explains what each category of tool does, when you need it, and how to use it correctly — with links to free browser-based versions for each task.
JSON Tools: Format, Validate, Minify, and Convert
JSON (JavaScript Object Notation) is the dominant data interchange format, but raw JSON from an API or log file is often a single unreadable line. The JSON Formatter & Validator pretty-prints JSON with indentation and simultaneously checks it for syntax errors — a missing comma or unquoted key will be flagged immediately.
For the opposite need — reducing file size for transmission — the JSON Minify / Beautify tool strips all whitespace from valid JSON, reducing payload size by 20–40% for typical API responses.
If you are working in TypeScript and receive a JSON payload without a matching type definition, the JSON to TypeScript Interface converter infers an interface from any JSON sample. For example:
| JSON input | Generated TypeScript |
|---|---|
{"id": 1, "name": "Alice"} | interface Root { id: number; name: string; } |
This is a starting point — always review generated types for nullable fields and arrays of mixed types.
Data Import: CSV and JSON to SQL
When you need to seed a database table from a spreadsheet export, writing INSERT statements by hand is tedious and error-prone. The CSV to SQL INSERT Generator takes comma-separated data (including a header row) and outputs ready-to-run SQL. The JSON to SQL INSERT Generator does the same for arrays of JSON objects.
Worked example with the CSV tool:
- Input:
id,name,email/1,Alice,alice@example.com - Output:
INSERT INTO table (id, name, email) VALUES (1, 'Alice', 'alice@example.com');
Both tools handle quoting, escaping of single quotes, and NULL values automatically.
Encoding and Decoding
Three encoding systems come up constantly in web and security work:
- URL encoding (percent-encoding): Converts characters like spaces and
&into%20and%26so they are safe in query strings. Use the URL Encoder / Decoder to encode a raw string or decode a percent-encoded URL into readable text. - HTML entity encoding: Converts characters like
<and>into<and>to prevent XSS vulnerabilities when injecting user content into HTML. The HTML Entity Encoder / Decoder handles this in both directions. - Base64 file encoding: Converts binary files (images, PDFs) to ASCII strings for embedding in JSON, CSS data URIs, or email attachments. The Base64 File Encoder accepts any file and outputs the Base64 string.
Hashing and HMAC
Cryptographic hash functions produce a fixed-length fingerprint from any input. Common uses include verifying file integrity, storing passwords (with proper salting), and generating API signatures.
The File Hash Generator computes MD5, SHA-1, SHA-256, and SHA-512 digests for any local file — useful for confirming a downloaded file has not been tampered with. Compare the output against the checksum published by the file's source.
HMAC (Hash-based Message Authentication Code) adds a secret key to the hash, binding it to a specific sender. The HMAC Generator supports HMAC-SHA256 and other variants used in webhook signatures (GitHub, Stripe, and others use this pattern). The formula is:
HMAC(key, message) = H((key ⊕ opad) || H((key ⊕ ipad) || message))
In practice: paste your secret key and the webhook payload into the tool and compare the output to the signature header from the request.
Regex Tester
Regular expressions are powerful but have non-obvious behavior around greedy vs. lazy quantifiers, anchors, and character class edge cases. The Regex Tester lets you write a pattern and test it against sample text with real-time match highlighting — far faster than embedding the regex in code and re-running tests.
Key concepts to remember when testing:
^anchors to the start of the line;$to the end..*is greedy — it matches as much as possible. Use.*?for lazy (shortest) matching.- The
m(multiline) flag changes^/$to match line boundaries rather than the full string.
Cron Expression Explainer
Cron schedules are written in a compact 5-field syntax (minute hour day-of-month month day-of-week) that is easy to misread. The Cron Expression Explainer translates any cron string into plain English. For example, 0 9 * * 1-5 becomes “At 9:00 AM, Monday through Friday.”
Common Mistakes
- Double-encoding URLs. Encoding an already-encoded string turns
%20into%2520. Always decode first, then re-encode. - Using MD5 for security. MD5 is fast to compute, which makes it easy to brute-force. Use SHA-256 or SHA-512 for security-sensitive hashing.
- Trusting generated TypeScript types without review. Optional fields and union types require human judgment.
Frequently Asked Questions
How do I generate many UUIDs at once?
The Bulk UUID Generator produces any number of RFC 4122 v4 UUIDs in one click, ready to copy-paste into a seed file or test fixture.
What is the difference between URL encoding and Base64?
URL encoding is designed for text characters in URLs and remains mostly human-readable. Base64 encodes arbitrary binary data into printable ASCII — it is not compression, and Base64 output is roughly 33% larger than the input.
Can I use these tools with sensitive data?
All processing runs in your browser — no data is sent to a server. For highly sensitive production secrets, review each tool's implementation or use local CLI tools instead.