Why I stopped copy-pasting JSON into online converters and built TypeMorph

#privacy #security #showdev #typescript

Every developer has done it. You grab a JSON response from an API, paste it into some random online tool, and get a TypeScript interface back. Fast, convenient — and potentially a huge security mistake.

I did this for years before I realized what I was actually doing: sending production API responses, internal data models, and sometimes customer data to servers I knew nothing about.

So I built TypeMorph (https://typemorph.dev) — a schema conversion tool that runs 100% in your browser. No servers. No uploads. Your data never leaves your machine.

The problem with online converters

Most "free" online converters are not actually free. You're paying with your data.

When you paste a JSON payload into a third-party tool:

That payload hits their servers
It may be logged, stored, or analyzed
If it contains PII or proprietary business logic, you just leaked it

For personal projects this might be fine. But for a startup or enterprise team? One slip and you've violated your own data handling policies.

What TypeMorph does differently

TypeMorph uses a single AST pipeline that runs entirely in your browser:

JSON / YAML / OpenAPI / JSON Schema
└─► inferSchema() → Schema AST
└─► generators → 160+ output formats

Everything is client-side. There is no backend. The conversion happens in your tab and stays there.

160+ output formats

TypeMorph doesn't just do TypeScript. Paste one JSON object and get:

Validation schemas: Zod, Yup, Valibot, ArkType, Joi
Languages: Go, Rust, Python (Pydantic), Java, Kotlin, Swift, C#, Dart
Databases: Prisma, Drizzle, Kysely, MySQL, PostgreSQL, MongoDB
API: OpenAPI, Postman, Protobuf, GraphQL
Frontend: React Props, Vue Props, Pinia, Redux Slice

And it's not dumb code generation. The Zod generator applies semantic validators automatically:

// Input JSON: { "email": "user@example.com", "age": 28, "score": 94 }

// TypeMorph output:
export const rootSchema = z.object({
email: z.string().email(), // detected from field name
age: z.number().int().min(0).max(150), // semantic range
score: z.number().min(0).max(100), // semantic range
});

Schema Quality Score

TypeMorph grades your schema A–F and tells you why:

Fields typed as any
Missing format constraints (uuid, email, datetime…)
Mixed naming conventions (camelCase vs snake_case)
Overly deep nesting

It's like a linter for your data model.

Breaking Change Detector

Paste two versions of a schema and TypeMorph tells you exactly what broke:

0% compatible · 7 breaking · 1 info

❌ id REMOVED — Required field 'id' was removed
❌ name REMOVED — Required field 'name' was removed
⚠️ user_id ADDED — New required field. Existing payloads will be invalid

This alone has saved me from shipping breaking API changes more than once.

VS Code Extension

Last week I shipped a VS Code extension so you don't even need to open a browser.

Ctrl+Shift+T on any JSON file → pick a format → output appears in a side panel.

Install it from the VS Code Marketplace (https://marketplace.visualstudio.com/items?itemName=TypeMorph.typemorph-vscode).

CLI for CI pipelines

npm install -g typemorph-cli

typemorph zod schema.json # convert to Zod
typemorph quality schema.json # schema quality score
typemorph diff v1.json v2.json # breaking change detection

Try it