Developer Tools — Format, encode, hash, validate — all the daily dev utilities.

Why developers should care that these run in-browser

Every working developer has the same daily problem: you copy a JWT from a Slack thread to decode it, you paste a JSON blob from a production log to format it, you generate a SHA-256 hash to compare a file against a published checksum. The fastest path is usually a Google search → click first result → paste. The first result is almost always a server-side tool that logs your input for analytics, often with a banner ad in the middle of the result.

That "harmless" copy-paste workflow has produced real incidents. Tokens leaked through online JWT decoders. Internal API endpoints exposed via JSON formatters whose operators got curious. Production credentials hashed at sites whose database later leaked. The fix is not better operational discipline — engineers have other things to think about. The fix is to use tools that can'tlog your input because they don't have a server.

Pickrack's six developer tools all run entirely in your browser. JSON formatting is a JSON.parse + JSON.stringify in JavaScript. Base64 encoding is the native btoa/atob with a TextEncoder fallback for full UTF-8 (Vietnamese, emoji). JWT decoding is a Base64URL split into header/payload/signature, decoded into JSON. Hash generation uses Web Crypto API (built into the browser, FIPS-validated implementation). UUIDs use crypto.randomUUID. Regex testing uses the native JavaScript regex engine. None of this code makes a network request. You can verify with DevTools → Network.

The six developer tools and what they replace

• JSON Formatter — replaces JSONFormatter.org, JSON Editor Online. Formats with 2-space or 4-space indent, validates syntax, shows error position on invalid input.
• Base64 Encoder/Decoder — replaces Base64Decode.org. Full UTF-8 support (Vietnamese, Chinese, emoji) which most simple btoa wrappers break.
• JWT Decoder — replaces jwt.io. Decodes header + payload, shows expiration as a human-readable date, signature verification on the roadmap.
• Hash Generator — replaces miscellaneous hash tools. MD5 (legacy compat only), SHA-1 (Git compat), SHA-256, SHA-512. Note: do not use plain hashes for password storage — use bcrypt, scrypt, or Argon2.
• UUID Generator — replaces uuidgenerator.net. Generates 1-1000 v4 UUIDs at once. Compatible with PostgreSQL uuid type.
• Regex Tester — replaces regex101 for quick checks. Live match highlighting, capture group display, six common presets (email, URL, phone, ISO date, IPv4, hex color).

What we don't replace (and shouldn't)

Pickrack's dev tools are complementary to your main toolchain, not a replacement. For complex regex work, regex101 is still better — it has explanation mode, multiple flavors (Python, PHP, JavaScript), and is the de facto standard. For deeply nested JSON exploration, jq on the command line or VS Code's JSON tree view is more efficient. For full JWT signature verification with public keys, the jose npm libraryis the right choice. Pickrack is the "quick check before going back to my real workflow" layer.