Stop Pasting Your JWT Tokens Into Random Websites

bore.ddev — Sat, 27 Jun 2026 14:33:40 +0000

I built a 21-tool developer toolkit that runs entirely in your browser. No servers. No sign-ups. No data leaving your machine. Ever. Here's why, and here's what it does.

You're debugging a broken API response at 11 PM. You've got a JWT token in your clipboard, a JSON payload that won't parse, and a CSS-to-Tailwind conversion you've been putting off since Tuesday.

So you open a random "online JSON formatter" from Google. Paste your JWT into a text box labeled "Enter your token here." Click "Decode."

Somewhere, on some server you'll never see, your token is now stored. Along with the 200 other things you've pasted into that tool this month.

That's the problem I kept running into. And it's not just JWT tokens. It's API keys in Base64, test data in JSON, regex patterns you don't want logged, passwords you definitely shouldn't be typing into a random input field.

So I built something different.

What is DevClat?

DevClat is a free, open, client-side developer toolkit with 21 tools — and every single one runs in your browser. No backend. No API calls. No "we take your privacy seriously" banner over a tracking script.

It's a single-page React app. You open it, use it, close it. Your data never touches a server because there is no server.

Try the DevClat Developer Toolkit →

The Tools (All 21 of Them)

I didn't build 21 "me too" utilities. Each tool exists because I personally needed it and got tired of context-switching between 15 browser tabs.

Data Generation

Mock Data Generator — The one that started it all. Pick a preset (Users, Products, Orders, Addresses, Transactions, Posts, Employees, Invoices, Reviews) or build a custom schema with any field type. Output as JSON, CSV, or SQL. Powered by faker.js, running entirely client-side. Generate 100 rows of realistic fake data without sending a single byte over the network.

Lorem Ipsum Generator — Not the usual "lorem ipsum dolor sit amet" generator. Configure paragraph count, copy with one click, done. You've got bigger things to worry about than placeholder text.

Editors & Formatters

JSON Formatter & Validator — Paste broken, minified, or malformed JSON. Get instant pretty-printing, syntax highlighting, and error line highlighting. Collapsible tree view for large payloads. One-click copy. No "Loading..." spinners, no "Your JSON has been saved for analytics."

Text Diff Tool — Git-diff style comparison without opening a terminal. Side-by-side view with line-level and word-level highlighting. Unified, split, and words output modes. A statistics panel that actually tells you what changed. Perfect for comparing config files, API responses, or that SQL migration you're afraid to run.

Regex Tester — Type a pattern, see matches highlighted in real-time. Toggle flags (g, i, m, s, u) without rewriting your regex. Capture groups displayed inline. No more running grep in the terminal just to test if your email regex actually works.

HTML Preview Editor — Side-by-side HTML/CSS/JS editor with instant live preview. Full-page preview mode for when you need to see what your component actually looks like without deploying.

Markdown Preview — Write Markdown on the left, see rendered HTML on the right. Real-time. Supports tables, code blocks, headings, links. Zero friction.

CSS Minifier — Paste CSS, get compressed output. Side-by-side size comparison so you can feel smug about those extra 2KB you just saved.

Converters

CSS to Tailwind Converter — This one's special. Paste raw CSS, get Tailwind utility classes. 200+ property mappings, dark mode support, arbitrary value handling, color palette resolution, and @media block support. Bidirectional — paste Tailwind, get CSS back. I use this daily.

Base64 Encoder/Decoder — Real-time conversion. Full Unicode support. One-click copy. Encoding eyJhbGciOiJIUzI1NiJ9 shouldn't require a three-step process.

URL Encoder/Decoder — Encode and decode URL components instantly. Handles query parameters, path segments, and special characters. Works in both directions.

JWT Token Decoder — Paste any JWT, see the header, payload, and signature decoded instantly. Check expiration, algorithm, and claims. Nothing leaves your browser. This is the tool I wish existed three years ago.

Design Tools

CSS Gradient Builder — Linear, radial, and conic gradients with draggable color stops, angle control, and live preview. Copy the CSS output. No more guessing what linear-gradient(135deg, #667eea 0%, #764ba2 100%) actually looks like.

Box Shadow Generator — Multi-layer support, inset mode, blur, spread, and offset. Live preview with copy-ready CSS output. Build complex shadow systems without opening Figma.

Color Contrast Checker — WCAG 2.1 AA and AAA compliance checking. Enter foreground and background colors, get instant pass/fail results. Accessibility compliance without the accessibility audit.

Generators

QR Code Generator — Enter text or URL, get a downloadable PNG. Canvas-based rendering, no watermarks. Works offline.

Password Generator — Cryptographically strong passwords with configurable length, character types, and a real-time strength meter. The kind of password generator that actually generates strong passwords.

UUID Generator — Batch generate up to 100 UUID v4 identifiers. Standard (hyphenated) or compact format. One click, done.

Timestamp Converter — Unix timestamps to human-readable dates and back. Supports seconds and milliseconds, ISO 8601, and custom date formats. Finally, a timestamp tool that doesn't make you count zeros.

Utilities

Flexbox & Grid Playground — Drag and drop elements to build flexbox and grid layouts visually. See the Tailwind output update in real-time as you adjust gaps and alignment. Learn CSS layout without reading MDN for the 47th time.

Text Tokenizer — Count tokens, words, characters, and lines. Visual token breakdown shows exactly how your text gets tokenized. Essential for LLM prompt engineering and staying within context windows.

The Interactive Terminal (My Favorite Feature)

Here's something you won't find in any other web-based dev tool: a working terminal.

DevClat has a mock CLI built right into the homepage. Type help to see available commands. Type open generator to switch tools. Type list to see everything available.

It auto-types a demo command when you load the page — devclat mock-data --users 3 --format json — and shows you the output in real-time with syntax-highlighted JSON.

This isn't a gimmick. It's a deliberate UX choice. Instead of forcing you to click through a grid of icons to find what you need, the terminal gives keyboard-first users a fast, predictable way to navigate. Type a command, get a result. No hunting, no scrolling.

Click "Try CLI" and the terminal focuses, auto-types help, and shows you exactly how to interact with it.

How It's Built

I'm not going to pretend this is rocket science. The architecture is deliberately simple:

React 19 for the UI
Vite 6 for the build
Tailwind CSS 4 for styling
faker.js for mock data generation
qrcode library for QR code rendering

Every tool is a standalone component. Navigation is managed via a single activeTool state variable — no client-side router, no URL history, no complex state management. Switching tools is instant because everything is already loaded.

The theme system uses CSS variables synced with a JavaScript constants file. Dark mode is default. Light mode works. Both are clean.

The key insight: you don't need a backend for developer tools. Every tool I listed above can be implemented entirely with JavaScript string manipulation, DOM APIs, and browser-native features. The moment you add a server, you add latency, complexity, privacy concerns, and a maintenance burden. I chose none of those.

Why This Matters

There are hundreds of "free online developer tools" out there. Most of them are:

Ad-supported — banner ads, pop-ups, and "disable your ad blocker" notices
Server-dependent — your data gets sent somewhere, processed, and (maybe) deleted
Tracker-heavy — analytics scripts, fingerprinting, and retargeting pixels
Offline-hostile — try using them on a plane or a spotty coffee shop WiFi

DevClat is none of these things. It's a static site. There's nothing to track because there's nothing to send. It works offline because there's nothing to fetch. It's fast because there's nothing to wait for.

Privacy isn't a feature. It's the architecture.

What's Next

I'm adding more tools. The architecture scales trivially — create a component, add it to the tool list, done. Some ideas in the pipeline:

CSS variable inspector
API response mock server (local, via Service Worker)
Diff viewer for entire files
More data presets for the mock generator

If you've got ideas, or if you want to contribute, the project is built to be extended.

Try It

No sign-up. No "free trial." No credit card. Just tools.

Open the Free DevClat Toolkit →

Paste a JWT token. Generate some fake data. Convert CSS to Tailwind. Build a gradient. Check a password's strength. Whatever you need — it's all client-side, all private, all free.

Built with React, Vite, and a deep distrust of random web utilities that ask you to paste your API keys.

DEV Community: bore.ddev