Free Developer & Design Tools — Colors, Encoders, Generators

Why browser-based dev tools matter

Developer toolchains require setup, permissions, and maintenance. A Base64 decode that takes 30 seconds in the terminal takes 2 seconds in a browser tab — and you don't have to remember the flag syntax. These tools handle the one-off conversions, validations, and inspections that happen throughout a development day: checking a JWT's expiry while debugging auth, generating a UUID for a test fixture, verifying a regex before committing it, or diffing two API responses. Everything runs locally — no data leaves your browser, which matters when the token or payload you're inspecting is sensitive.

Which tool for which task

Password Generator — Cryptographically secure passwords with custom rules.
Color Picker — HEX, RGB, and HSL conversion in one place.
Number Base Converter — Decimal, binary, hexadecimal, and octal.
QR Code Generator — Instant QR codes for any URL or text.
JSON Formatter — Format, validate, and minify JSON.
Hash Generator — SHA-1, SHA-256, and SHA-512 hashes.
Password Strength Checker — Score, estimated crack time, and criteria checklist.
Text Diff — Compare two texts and highlight changes.
Color Palette Generator — Generate palettes from any base color.
File Size Converter — KB, MB, GB, TB — decimal and binary prefixes.
Regex Tester — Live match highlighting, replace mode, group capture.
Base64 Encoder — Encode/decode with URL-safe mode and UTF-8 support.
URL Encoder — Percent-encode/decode URLs for safe transmission.
UUID Generator — UUID v4 (random) and v7 (time-ordered) in bulk.
JWT Decoder — Decode header, payload, claims, and verify HS256.
Case Converter — camelCase, snake_case, kebab-case, PascalCase, and 10 more.
Cron Builder — Build or parse UNIX cron with next-5-runs preview.
CSS Playground — Live generator for gradients, shadows, filters, and transforms.

Common developer mistakes

Confusing URL encoding with Base64 encoding. URL encoding (percent-encoding) makes characters safe for URLs. Base64 encodes binary as ASCII text for data transmission. They're different problems with different outputs — don't use one when you need the other.
Assuming a JWT is encrypted. JWTs are signed, not encrypted by default. The header and payload are Base64-encoded — anyone with the token can decode and read the claims. Use our JWT decoder to inspect what you're actually transmitting.
Using weak random for security purposes. Math.random() is not cryptographically secure — never use it for passwords, tokens, or UUIDs in production. Our password generator and UUID generator both use crypto.getRandomValues().
Testing regex only on the happy path. A regex that matches your expected input doesn't mean it rejects unexpected input. Use the regex tester to add edge cases: empty strings, very long strings, Unicode characters, and special characters.

Frequently asked questions

What is Base64 encoding used for?

Base64 encodes binary data as ASCII text, making it safe to transmit through text-only channels. Common uses include embedding images in CSS (data URLs), JWT tokens, and Basic Authentication headers.

How do I generate a secure password?

Use a password of at least 16 characters combining uppercase, lowercase, numbers, and symbols. Our generator uses crypto.getRandomValues() — the same cryptographic randomness your browser uses for HTTPS.

What is a JWT token?

A JSON Web Token (JWT) is a compact, URL-safe token used to transmit claims between parties. It consists of three Base64-encoded parts: header (algorithm), payload (claims), and signature for verification.

← All Tools