Free Developer Tools
These are the utilities developers reach for a dozen times a day: pretty-printing a minified JSON response to find the field that's actually null, validating YAML before a CI pipeline fails on an indentation error, reformatting a 400-character SQL query into something a reviewer can read, computing a SHA-256 checksum to verify a download. None of these tasks deserve an IDE plugin or a paid app; all of them deserve to be one browser tab away.
Where these tools run matters more than it does for most web utilities, because the things you paste into them — API payloads, config files, connection strings, the credentials behind an htpasswd entry — are exactly the things that should never touch someone else's server. Every tool on this page does its work inside the page itself: formatting and validation happen in JavaScript, hashing goes through the Web Crypto API, and Base64 decoding happens in memory. Nothing is uploaded, no account is required, and there is nothing for a server to log, which makes them safe to use with production data in a way most online formatters are not.
The collection splits into three working sets. Formatters and validators handle structured text: JSON (formatting, validation, and escaping for embedding in string literals), YAML, SQL, and HTML, each with the error reporting that tells you the line, not just that something failed. The hashing and systems group covers MD5 through SHA-512 digests, Apache htpasswd entries, and the octal-to-symbolic math behind chmod permissions. The visual group generates copy-ready CSS box shadows, solves aspect-ratio problems for responsive layouts and video embeds, turns Base64 data URIs back into viewable image files, and builds Wi-Fi QR codes so guests scan instead of typing a password.
One note of judgment the tools themselves enforce: MD5 and SHA-1 are included because checksums, cache keys, and legacy systems still demand them — not because they are safe for anything security-sensitive. For integrity checks on data you care about, use SHA-256 or SHA-512; for password storage, use the bcrypt option in the htpasswd generator rather than any raw hash.
Format & validate
Beautify, minify, and validate JSON, YAML, SQL, and HTML with errors that point at the offending line.
JSON Formatter & Validator
Format, validate, and beautify JSON in your browser — instant error messages with line numbers, 2 or 4-space indent, minify mode, and copy.
JSON Escape / Unescape
Escape text for JSON strings or unescape JSON back to plain text — quotes, backslashes, newlines, and unicode handled correctly both ways.
YAML Validator / Linter
Validate YAML in your browser with line-numbered errors — catch indentation mistakes, tabs, and duplicate keys in Kubernetes and CI configs.
SQL Formatter / Beautifier
Format and beautify SQL queries in your browser — keyword casing, clause indentation, and comma style for MySQL, Postgres, and standard SQL.
HTML Formatter / Beautifier
Beautify messy HTML with proper tag-aware indentation or minify it for production — formatted in your browser with one-click copy.
Hashing, auth & permissions
Generate cryptographic hashes and htpasswd entries, and translate Unix file permissions between octal and symbolic notation.
Hash Generator (MD5/SHA-1/SHA-256/SHA-512)
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text or files instantly — computed in your browser, nothing is ever uploaded.
.htpasswd Generator
Generate .htpasswd lines for Apache and nginx basic auth — bcrypt or MD5-crypt hashes computed locally, your password never touches a server.
chmod Permissions Calculator
Convert Linux file permissions between octal and symbolic instantly — check rwx boxes to get chmod 755-style commands with clear explanations.
CSS, images & QR codes
Build CSS box shadows visually, solve aspect-ratio math, decode Base64 strings into images, and create scannable Wi-Fi QR codes.
CSS Box Shadow Generator
Design CSS box shadows visually with multiple layers, inset, spread, and color alpha controls — live preview and copy-ready CSS output.
Aspect Ratio Calculator
Calculate aspect ratios and missing dimensions — lock 16:9 or any ratio and solve width or height for video, images, and responsive design.
Base64 ⇄ Image Converter
Convert Base64 to an image and images to Base64 data URIs in your browser — instant preview, PNG, JPG, WebP and SVG support, nothing uploaded.
WiFi QR Code Generator
Generate a WiFi QR code guests can scan to join your network — WPA, WEP, or open, hidden SSID support, and the password never leaves your browser.
Guides
Hashing vs. Encoding vs. Encryption (and When MD5 Is Fine)
Hashing is one-way, encoding is reversible, encryption needs a key. Learn which to use, why MD5 still has a place, and why passwords need more than SHA-256.
Linux File Permissions Explained: What 755 and 644 Actually Mean
Decode Linux file permissions and chmod numbers: read/write/execute, owner/group/other, and why 755 and 644 are the defaults you reach for.
Frequently asked questions
Is my code or data uploaded when I use these tools?
No. Everything — formatting, validation, hashing, decoding — executes in your browser using JavaScript and the Web Crypto API. Your input never leaves your device, which is the whole point: payloads, configs, and credentials are exactly the data you shouldn't paste into a tool that round-trips through a server.
Is it safe to paste production data, like real API responses or passwords?
From a network standpoint, yes — nothing is transmitted or stored, so there's no server-side copy to leak. The usual local precautions still apply: clear the page when you're done on a shared machine, and don't paste secrets while screen-sharing.
Why offer MD5 and SHA-1 if they're broken?
They're cryptographically broken for collision resistance, but still everywhere in practice: file checksums published by vendors, cache keys, ETags, and legacy protocols. The tools include them for compatibility while making clear that anything security-sensitive should use SHA-256 or stronger, and password storage should use bcrypt via the htpasswd generator.
Will the formatters change my data?
Only the whitespace. Formatting JSON, SQL, or HTML rewrites indentation and line breaks but preserves every value, key, and statement; minify mode does the reverse. The validators don't modify input at all — they only report whether it parses and where it fails.
What's the difference between hashing, encoding, and encryption?
Hashing (MD5, SHA-256) is one-way: you can't recover the input from the digest, which makes it right for checksums and integrity. Encoding (Base64) is reversible by design and provides zero secrecy — it just makes binary data safe to move as text. Encryption is reversible only with a key. Knowing which one a situation calls for prevents the classic mistake of treating Base64 as security.
Do the generated htpasswd entries work with nginx as well as Apache?
Mostly. Apache supports bcrypt, MD5-crypt (APR1), and SHA variants. nginx's basic auth relies on the system crypt() implementation, where bcrypt and APR1 are widely supported on Linux distributions. If an entry is rejected, regenerate it with APR1, which is the most universally accepted format.