DEV Community

Cover image for Building ToolHover: A Privacy-First Toolkit That Ranked #107 on Product Hunt ๐Ÿš€
QuantumRegex
QuantumRegex

Posted on • Originally published at toolhover.com

Building ToolHover: A Privacy-First Toolkit That Ranked #107 on Product Hunt ๐Ÿš€

TL;DR

I built a privacy-first web toolkit with 20+ free online tools using Next.js 15 and React 19. It ranked #107 out of 400+ products on Product Hunt. All processing happens client-sideโ€”your data never leaves your browser. Check it out at toolhover.com


The Problem ๐Ÿค”

Ever needed to quickly convert text to base64, generate a secure password, or format JSON, but hesitated because you didn't trust where your data was going?

Most online tools send your data to their servers. For sensitive information like passwords, API keys, or personal data, this is a privacy nightmare.

The Solution: Privacy-First Architecture ๐Ÿ”’

ToolHover processes everything in your browser using modern Web APIs. Zero server-side processing. Zero data collection. Zero cookies.

User Input โ†’ Browser Memory โ†’ Processing โ†’ Result
                     โ†‘
              Never leaves here!
Enter fullscreen mode Exit fullscreen mode

Tech Stack ๐Ÿ’ป

I went all-in on modern web technologies:

  • Next.js 15.5.2 (App Router) - Static site generation
  • React 19.1.0 - Component architecture
  • TypeScript - Type safety across the board
  • Tailwind CSS - Rapid UI development
  • Cloudflare CDN - Global distribution
  • Nginx - Static file serving

Why Static Site Generation?

npm run build
# Generates pre-rendered HTML/CSS/JS
# Deploy anywhere - no Node.js runtime needed
# Lightning fast: <1.2s FCP, <2.0s LCP
Enter fullscreen mode Exit fullscreen mode

SSG gives us:

  • Performance: Core Web Vitals in the "Good" range
  • Security: No server-side attack surface
  • Cost: Serve from any CDN for pennies
  • Reliability: No backend to crash

Tool Categories ๐Ÿ› ๏ธ

1. Text Tools

2. Developer Tools

3. Math & Unit Tools

4. Productivity Tools

  • QR Code Generator - Create downloadable QR codes
  • Random Picker - Unbiased random selections (coming soon)

Key Implementation Details ๐Ÿ”จ

Cryptographically Secure Password Generation

function generateSecurePassword(length: number, charset: string): string {
  const array = new Uint8Array(length);
  crypto.getRandomValues(array); // CSPRNG - not Math.random()!

  return Array.from(array)
    .map(x => charset[x % charset.length])
    .join('');
}
Enter fullscreen mode Exit fullscreen mode

Why this matters: Math.random() is NOT cryptographically secure. We use the Web Crypto API for true randomness.

Hash Generation with SubtleCrypto API

async function generateHash(
  text: string,
  algorithm: 'SHA-256' | 'SHA-512'
): Promise<string> {
  const encoder = new TextEncoder();
  const data = encoder.encode(text);
  const hashBuffer = await crypto.subtle.digest(algorithm, data);

  return Array.from(new Uint8Array(hashBuffer))
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}
Enter fullscreen mode Exit fullscreen mode

Native browser crypto APIs are fast and secure.

Real-Time Text Analysis

interface TextStats {
  characters: number;
  charactersNoSpaces: number;
  words: number;
  sentences: number;
  paragraphs: number;
  readingTime: number; // minutes at 200 WPM
}

function analyzeText(text: string): TextStats {
  return {
    characters: text.length,
    charactersNoSpaces: text.replace(/\s/g, '').length,
    words: text.trim() ? text.trim().split(/\s+/).length : 0,
    sentences: text.split(/[.!?]+/).filter(s => s.trim()).length,
    paragraphs: text.split(/\n\n+/).filter(p => p.trim()).length,
    readingTime: Math.ceil(text.trim().split(/\s+/).length / 200)
  };
}
Enter fullscreen mode Exit fullscreen mode

Time complexity: O(n) - efficient even for long documents.


Performance Optimization ๐Ÿš„

Code Splitting

Each tool is lazy-loaded:

const TextCounter = dynamic(() => import('./text-counter/page'));
const Base64Tool = dynamic(() => import('./base64-encoder/page'));
Enter fullscreen mode Exit fullscreen mode

Results:

  • Initial bundle: ~85 KB (gzipped)
  • Per-tool chunks: ~15-30 KB
  • 60% reduction in initial load time

Bundle Analysis

Page                     Size      First Load JS
โ”€ /                      2.5 kB    85.2 kB
โ”€ /text-tools            3.1 kB    88.8 kB
โ”€ /developer-tools       2.9 kB    87.6 kB
โ”€ /tools/text-counter    4.2 kB    89.9 kB

Average: ~88 KB per route
Enter fullscreen mode Exit fullscreen mode

Lighthouse Score

Performance:     96/100 โœ…
Accessibility:   100/100 โœ…
Best Practices:  100/100 โœ…
SEO:             100/100 โœ…
Enter fullscreen mode Exit fullscreen mode

Security Best Practices ๐Ÿ›ก๏ธ

Security Headers (Nginx)

add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
Enter fullscreen mode Exit fullscreen mode

SSL/TLS Configuration

  • Let's Encrypt SSL (auto-renewal)
  • Cloudflare Full (Strict) SSL
  • TLS 1.2+ only
  • Modern cipher suites
  • HSTS enabled

Content Security Policy

Content-Security-Policy:
  default-src 'self';
  script-src 'self' 'unsafe-inline';
  style-src 'self' 'unsafe-inline';
Enter fullscreen mode Exit fullscreen mode

Product Hunt Success ๐ŸŽฏ

Achievement: Ranked #107 out of 400+ products on Product Hunt

Key Takeaways:

  1. Privacy sells: Users care about data security
  2. Developer tools market: Strong demand for comprehensive toolkits
  3. Performance matters: Fast tools get shared
  4. SEO is essential: Organic traffic drives growth

Lessons Learned ๐Ÿ’ก

What Worked

  1. Client-side processing: Users love privacy
  2. Static site generation: Amazing performance + low cost
  3. TypeScript: Caught bugs early
  4. Tailwind CSS: Rapid prototyping
  5. Code splitting: Essential for bundle size

What I'd Do Differently

  1. Progressive Web App: Add offline support earlier
  2. Analytics: Need privacy-preserving metrics
  3. Testing: More automated tests
  4. Documentation: API docs from day one
  5. Mobile app: React Native version

Future Roadmap ๐Ÿ—บ๏ธ

Short-term (Q4 2025)

  • [ ] Advanced JSON tools (JSON Path, Schema validation)
  • [ ] Image processing (compression, format conversion)
  • [ ] More crypto tools (RSA keys, digital signatures)
  • [ ] Public API for developers

Medium-term (Q1-Q2 2026)

  • [ ] Progressive Web App (offline mode)
  • [ ] Browser extension (Chrome, Firefox)
  • [ ] Collaborative features (shareable sessions)
  • [ ] VS Code extension

Long-term (2026+)

  • [ ] Mobile apps (iOS, Android)
  • [ ] Developer API with rate limiting
  • [ ] Premium features (bulk operations)
  • [ ] Open source the codebase

Open Source Plans ๐Ÿ“–

Planning to open source the entire project under MIT license. The goal is to create a reference implementation for:

  • Privacy-first web applications
  • Next.js 15 static sites with optimal performance
  • Client-side cryptography best practices
  • SEO for tool-based websites

GitHub: Coming soon (cleaning up code first!)


Try It Out! ๐ŸŽฎ

Live site: toolhover.com

Popular tools:


Conclusion ๐ŸŽฌ

Building ToolHover taught me that:

  1. Privacy is a feature: Users actively seek privacy-respecting tools
  2. Performance is marketing: Fast tools get bookmarked and shared
  3. Static sites are underrated: Modern SSG can handle complex applications
  4. Community validation matters: Product Hunt feedback shaped the roadmap

The modern web platform is incredibly powerful. With the Web Crypto API, SubtleCrypto, and other native APIs, we can build sophisticated tools entirely client-side.

No servers. No tracking. No compromises.

If you're building web tools, consider the privacy-first approach. Your users will thank you.


Discussion ๐Ÿ’ฌ

Questions for the community:

  1. What tools would you like to see added?
  2. Should I open source it now or wait until more polished?
  3. Any security concerns with the current architecture?
  4. Interested in contributing once it's open sourced?

Drop your thoughts in the comments! ๐Ÿ‘‡


Connect ๐Ÿค


This post is part of a series documenting the development of ToolHover. Follow for updates on new tools, performance optimizations, and eventually open-sourcing the codebase!


Performance metrics and rankings accurate as of October 2025.

Top comments (0)