I built a free JSON toolkit with 68+ tools (security scanner, 19 language converters, offline PWA)

After a month of building, I launched jsonwebtools.com — a completely free JSON platform that works offline and never sends your data to a server.

Here’s what’s inside and why I built each feature.

The problem

Every time I needed to quickly decode a JWT, convert JSON to TypeScript, or compare two API responses, I found myself switching between five different sites. Half of them sent my data to their servers. Some required accounts. None worked offline.

So I built one tool that does everything.

What it includes

Core tools

• JSON Validator — real-time validation with exact error line/column
• JSON Formatter — 6 formatting styles (2-space, 4-space, tabs, aligned, sorted, compact)
• JSON Repair — auto-fixes common errors (missing commas, single quotes, trailing commas)
• JWT Decoder — decodes header, payload, signature with expiry check
• JSON Diff — compares two JSON objects and highlights added/removed/changed fields

Security Scanner (my favorite feature)

Automatically scans JSON for:

• XSS patterns (<script>, event handlers)
• SQL injection attempts
• Hardcoded credentials and API keys
• PII data (emails, phone numbers, SSNs)
• Path traversal patterns

Runs automatically on every validation — 100% client-side.

19 Language Converters

Paste JSON and get instant code in:

TypeScript, JavaScript, Python, Go, Rust, C#, Java, Swift, Kotlin, PHP, Ruby, GraphQL, Protobuf, OpenAPI/Swagger, Prisma, SQL, CSV, YAML, XML

Advanced tools

• Batch Validator — drag & drop multiple JSON files
• Performance Benchmark — measures parse/stringify/clone ops/sec
• JSON to HTML Table — generates styled tables from JSON arrays
• Size Analyzer — shows size breakdown by key and data type
• JSON Masking — redacts sensitive fields (4 strategies)
• Mock Data Generator — creates realistic test data
• JSONPath Builder — visual query builder
• JSON Patch (RFC 6902) and JSON Pointer (RFC 6901)

Technical implementation

Everything runs client-side using:

• Monaco Editor (same editor as VS Code) for syntax highlighting
• Service Worker for offline support (PWA)
• localStorage for auto-save and snippets
• Zero backend, zero database, zero cost to run

The security scanner uses regex patterns for known attack signatures. Not perfect, but it catches the obvious issues before they reach your API.

Command Palette (Cmd+K)

With 68+ tools, navigation became a problem. So I added a command palette — press Cmd+K and type any tool name. Fuzzy search works across all tools.

What I learned building this

Client-side is underrated. No server costs, complete privacy, works offline. For dev tools, this should often be the default.

Monaco Editor is incredible but heavy. It’s ~2MB loaded from CDN. Worth it for the VS Code experience, but something to watch for mobile users.

The security scanner is genuinely useful. While building it, I ran it on my own test JSON and discovered hardcoded API keys I had forgotten about.

Try it

👉 jsonwebtools.com — 68+ tools, free forever

I’d love feedback from developers — especially on the language converters (do the generated types/structs look correct?) and the security scanner patterns.