DEV Community

Dev Nestio
Dev Nestio

Posted on • Originally published at devnestio.pages.dev

5 Free Browser-Based Dev Tools: GraphQL Formatter, Docker Compose Validator, Dockerfile Linter, and More

I just shipped 5 new tools to DevNestio — a hub of 172 free, browser-only developer utilities. All tools are zero-signup, zero-upload, and work offline.


1. GraphQL Query Formatter & Minifier

https://devnestio.pages.dev/graphql-formatter/

Paste any GraphQL operation and get:

  • Pretty-print — consistent indentation
  • Minify — strips comments and whitespace for smaller request payloads
  • Validation — brace/parenthesis balance check
  • Operation detection — lists all named query, mutation, subscription, fragment

Useful for quick query cleanup before pasting into code reviews or API docs.


2. Protobuf (.proto) Formatter & Validator

https://devnestio.pages.dev/protobuf-formatter/

Online formatter and validator for Protocol Buffer .proto files:

  • Duplicate field number detection
  • Message and enum structure validation
  • Syntax-highlighted output
  • One-click copy

Great for a sanity check before pushing .proto changes in a gRPC service.


3. Docker Compose Validator

https://devnestio.pages.dev/docker-compose-validator/

Paste your docker-compose.yml to catch:

  • Missing services section
  • Services without image or build
  • Invalid port mappings (80:80, 127.0.0.1:8080:80, 53:53/udp, ranges…)
  • depends_on referencing non-existent services
  • Circular dependency detection (A→B→A)
  • Unknown restart policies
# This will flag errors:
services:
  web:
    ports:
      - "abc:xyz"       # invalid port
    depends_on:
      - missing_service  # unknown service
Enter fullscreen mode Exit fullscreen mode

4. Dockerfile Analyzer & Linter

https://devnestio.pages.dev/dockerfile-analyzer/

Analyzes your Dockerfile for best practice violations across three categories:

Security

  • sudo usage inside RUN
  • Container running as root (no USER instruction)
  • Secrets baked into ENV/ARG (password, secret, token, key)

Image size

  • :latest base image tag
  • apt-get update in a separate RUN (stale cache risk)
  • apt-get install without --no-install-recommends
  • apt cache not cleaned (rm -rf /var/lib/apt/lists/*)
  • ADD used for local files instead of COPY

Layer optimization

  • Consecutive RUN instructions (suggest chaining with &&)
  • High total layer count

Also flags the absence of WORKDIR and celebrates multi-stage builds and HEALTHCHECK when present.


5. Email Header Analyzer

https://devnestio.pages.dev/email-header-analyzer/

Paste raw email headers and instantly get:

Authentication Results

SPF   ✅ pass
DKIM  ✅ pass
DMARC ✅ pass
Enter fullscreen mode Exit fullscreen mode

Phishing investigation often starts here — a failed SPF or DKIM check is a red flag.

Phishing Signals

  • Reply-To domain ≠ From domain — classic impersonation trick
  • Return-Path domain mismatch
  • Spam score / X-Spam-Flag detection

Routing Trace

Parses all Received: headers to show each hop the email traveled through, including originating IP addresses.

Three Tabs

  1. Summary — From/To/Subject/Date/Message-ID + auth status
  2. Routing — hop-by-hop trace with IP addresses
  3. All Headers — raw dump of every header field

Handy when your security team needs to quickly triage a suspicious email without spinning up a full mail analysis tool.


Implementation Notes

All five tools follow the same constraints:

  • Vanilla JS, single HTML file — no bundler, no framework, works offline
  • 80+ Node.js assert tests — core logic is extracted and tested independently of the browser
  • No external YAML/parsing libraries — the Docker Compose validator uses a custom line-by-line indent parser

DevNestio now has 172 tools in total. If there's a utility you'd find useful, drop a comment — I'm always looking for the next one to build.

Top comments (0)