Local-first, on purpose
Your input never leaves the tab
JSON payloads, tokens and files routinely contain secrets. These tools have no processing backend to leak to — parsing, hashing and encoding run as JavaScript and WebCrypto in your browser.
Verifiable, not just promised
Open DevTools and watch the network tab while you work: after the page loads, no requests carry your data. You can even switch to offline mode and keep working.
No API — by design
A server API for these utilities would mean sending us exactly the data that should stay with you. That is why this service deliberately ships none.
Built for daily dev work
For Backend Devs
Validate API payloads and inspect JWTs without pasting tokens into a random website that phones home.
For Frontend Devs
Format JSON responses, encode URL parameters and generate UUIDs for fixtures — all offline-capable.
For DevOps
Verify file checksums and hash configuration values locally, on machines where data must not leave.
For Security-Minded Teams
Every tool is client-side by design. Audit it: open DevTools, watch the network tab stay empty.
Frequently asked questions
Do these tools upload my data?
No. All four utilities run entirely in your browser with JavaScript and WebCrypto. Nothing you paste, type or drop is transmitted to any server — you can verify this in your browser's network tab, or even go offline after the page loads.
Is it really free? What's the catch?
The developer utilities are free with no limits, because they cost us nothing to run — your machine does the work. They are part of the toolwerk platform, which earns money on its paid image and 3D tools instead.
Does the JWT inspector verify tokens?
No, and it says so loudly. It base64url-decodes the header and payload so you can read the claims. Signature verification requires the signing key and belongs in your backend, not in a browser tool.
Why is MD5 behind a warning?
MD5 has been cryptographically broken since 2004 — collisions are practical. We include it only so you can compare checksums published by legacy download pages. For anything security-related, use the SHA-256 or SHA-512 output.
How are the UUIDs generated?
With crypto.randomUUID(), the browser's built-in cryptographically secure generator — not Math.random(). Every UUID is generated on your machine.
Can I use these tools offline?
Once a tool page has loaded, the processing itself needs no connection. Formatting, hashing, encoding and UUID generation all keep working if you disconnect.