I just shipped 5 new tools to DevNestio — a hub of 172 free, browser-only developer utilities. All tools are zero-signup, zero-upload, and work offline.
1. GraphQL Query Formatter & Minifier
https://devnestio.pages.dev/graphql-formatter/
Paste any GraphQL operation and get:
- Pretty-print — consistent indentation
- Minify — strips comments and whitespace for smaller request payloads
- Validation — brace/parenthesis balance check
-
Operation detection — lists all named
query,mutation,subscription,fragment
Useful for quick query cleanup before pasting into code reviews or API docs.
2. Protobuf (.proto) Formatter & Validator
https://devnestio.pages.dev/protobuf-formatter/
Online formatter and validator for Protocol Buffer .proto files:
- Duplicate field number detection
- Message and enum structure validation
- Syntax-highlighted output
- One-click copy
Great for a sanity check before pushing .proto changes in a gRPC service.
3. Docker Compose Validator
https://devnestio.pages.dev/docker-compose-validator/
Paste your docker-compose.yml to catch:
- Missing
servicessection - Services without
imageorbuild - Invalid port mappings (
80:80,127.0.0.1:8080:80,53:53/udp, ranges…) -
depends_onreferencing non-existent services - Circular dependency detection (A→B→A)
- Unknown
restartpolicies
# This will flag errors:
services:
web:
ports:
- "abc:xyz" # invalid port
depends_on:
- missing_service # unknown service
4. Dockerfile Analyzer & Linter
https://devnestio.pages.dev/dockerfile-analyzer/
Analyzes your Dockerfile for best practice violations across three categories:
Security
-
sudousage inside RUN - Container running as root (no
USERinstruction) - Secrets baked into
ENV/ARG(password, secret, token, key)
Image size
-
:latestbase image tag -
apt-get updatein a separate RUN (stale cache risk) -
apt-get installwithout--no-install-recommends - apt cache not cleaned (
rm -rf /var/lib/apt/lists/*) -
ADDused for local files instead ofCOPY
Layer optimization
- Consecutive
RUNinstructions (suggest chaining with&&) - High total layer count
Also flags the absence of WORKDIR and celebrates multi-stage builds and HEALTHCHECK when present.
5. Email Header Analyzer
https://devnestio.pages.dev/email-header-analyzer/
Paste raw email headers and instantly get:
Authentication Results
SPF ✅ pass
DKIM ✅ pass
DMARC ✅ pass
Phishing investigation often starts here — a failed SPF or DKIM check is a red flag.
Phishing Signals
- Reply-To domain ≠ From domain — classic impersonation trick
- Return-Path domain mismatch
- Spam score / X-Spam-Flag detection
Routing Trace
Parses all Received: headers to show each hop the email traveled through, including originating IP addresses.
Three Tabs
- Summary — From/To/Subject/Date/Message-ID + auth status
- Routing — hop-by-hop trace with IP addresses
- All Headers — raw dump of every header field
Handy when your security team needs to quickly triage a suspicious email without spinning up a full mail analysis tool.
Implementation Notes
All five tools follow the same constraints:
- Vanilla JS, single HTML file — no bundler, no framework, works offline
-
80+ Node.js
asserttests — core logic is extracted and tested independently of the browser - No external YAML/parsing libraries — the Docker Compose validator uses a custom line-by-line indent parser
DevNestio now has 172 tools in total. If there's a utility you'd find useful, drop a comment — I'm always looking for the next one to build.
Top comments (0)