Free Developer Toolkit
Essential tools for developers — JSON formatter, Base64, Regex tester, Color picker, UUID generator, Hash generator, HTML encoder and more. All run in your browser, private & instant.
About JSON Formatter
JSON (JavaScript Object Notation) is the universal data exchange format for web APIs, configuration files, and modern databases. Formatting (pretty-printing) makes deeply nested structures readable by adding consistent indentation. Minifying removes whitespace to reduce file size for production use. Validation checks syntactic correctness - common JSON errors include trailing commas (valid in JavaScript but not JSON), unquoted keys, single-quoted strings, and mismatched brackets.
Practical uses: debugging API responses by pasting the raw JSON to see its structure clearly; formatting configuration files for Git commits; validating JSON schemas before deployment; preparing data payloads for API testing tools like Postman. JSON supports six data types: string, number, boolean, null, array, and object. Keys must always be double-quoted strings. Unlike JavaScript, JSON does not support comments, undefined values, or functions.
About Base64 Encoder and Decoder
Base64 encoding converts binary data into a text-safe ASCII string using 64 printable characters (A-Z, a-z, 0-9, +, /). It is not encryption - anyone can decode Base64 instantly. Base64 increases data size by approximately 33% (every 3 bytes become 4 characters). It is used to embed binary data such as images and files into text-based formats like JSON, XML, HTML, CSS, and email attachments.
Common use cases: embedding images as data URIs in CSS or HTML (data:image/png;base64,...); HTTP Basic Authentication headers where username:password is Base64-encoded; JWT tokens where header and payload are Base64url-encoded; storing binary data in JSON API responses; encoding file attachments in SMTP email using MIME encoding. Base64url is a variant using hyphen and underscore instead of plus and slash, making it safe for URLs and filenames without percent-encoding.
About Regex Tester
Regular expressions (regex) are patterns for matching, searching, and manipulating text. Core syntax: . (any character), * (0 or more), + (1 or more), ? (0 or 1), ^ (start), $ (end), [] (character class), () (capture group), | (OR). Quantifiers: {n} (exactly n), {n,m} (between n and m).
Common patterns: Email validation: ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$; UK phone: ^(\+44|0)[1-9]\d{8,9}$; Indian mobile: ^[6-9]\d{9}$. Flags: g (global — find all matches), i (case-insensitive), m (multiline — ^ and $ match per line). This tester highlights all matches in real time as you type, making it easy to iterate your pattern.
About Color Picker
Color representation in digital design uses multiple formats. HEX (#RRGGBB) is the most common in CSS and design tools, using hexadecimal values 00-FF for each red, green, and blue channel. RGB (red, green, blue) uses decimal values 0-255 per channel. HSL (hue, saturation, lightness) is more intuitive for designers - hue is the colour angle 0-360 degrees, saturation is colour intensity 0-100%, lightness is brightness 0-100%.
Colour accessibility: ensure sufficient contrast ratio between text and background for WCAG AA compliance (minimum 4.5:1 for normal text, 3:1 for large text). Dark text on white has a ratio of 21:1; light grey text on white may fail at 1.5:1. Use this picker to find accessible colour combinations, convert between colour formats for cross-tool compatibility, or build consistent colour palettes. HSL is particularly useful for creating shades and tints by adjusting only the lightness value.
About UUID Generator
A UUID (Universally Unique Identifier) is a 128-bit identifier standardised as a 32-character hexadecimal string in the format 8-4-4-4-12 (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx). UUID version 4 (the most common) is randomly generated. The probability of generating two identical UUIDs is astronomically small - approximately 1 in 5.3 times 10 to the 36th power.
Common use cases: primary keys in databases (avoids sequential ID guessing attacks and enables distributed systems to generate IDs independently without coordination); session tokens; file names for user-uploaded content to prevent overwriting; API correlation IDs for request tracing in microservices; unique identifiers for events in analytics systems. For security-critical tokens like password reset links, use a cryptographically secure random generator and consider shorter, URL-safe token formats rather than full UUIDs.
About Hash Generator
A cryptographic hash function takes input data of any size and produces a fixed-size output (the hash or digest). Key properties: deterministic (same input always produces same output); irreversible (you cannot reconstruct input from hash); avalanche effect (tiny input change completely changes the output). Common algorithms: MD5 (128-bit, 32 hex chars - considered broken for security, use only for checksums); SHA-1 (160-bit - deprecated); SHA-256 (256-bit, current standard); SHA-512 (512-bit, extra security).
Practical uses: file integrity verification (compare hash of downloaded file to the hash published by the official source); password storage (store hash not plaintext, always use bcrypt or Argon2 for passwords rather than plain SHA); API request signing (HMAC uses a secret key with a hash function); generating unique content fingerprints for caching. Never use MD5 or SHA-1 for security-critical applications - use SHA-256 minimum or bcrypt/Argon2 for password hashing.
About HTML Encoder and Decoder
HTML encoding converts special characters to their HTML entity equivalents to prevent browser misinterpretation. Critical characters: less-than sign becomes <, greater-than sign becomes >, ampersand becomes &, double quote becomes ", and single quote becomes ' or '. This prevents content from being interpreted as HTML tags.
Why it matters: Cross-Site Scripting (XSS) attacks inject malicious scripts via unencoded user input that the browser executes as HTML. Always HTML-encode user-supplied content before inserting it into HTML pages. Modern frameworks like React and Angular do this automatically, but raw string concatenation in older code or email templates is vulnerable. Use this tool to safely embed code examples in web pages, encode email template content, or verify that your application is properly escaping user input before display.
About URL Encoder and Decoder
URLs can only contain a safe subset of ASCII characters. URL encoding (also called percent-encoding) converts unsafe characters to a percent sign followed by two hexadecimal digits. For example, space becomes %20, ampersand becomes %26, equals becomes %3D, and forward slash becomes %2F. Query string parameters use plus signs for spaces as an alternative encoding in some contexts.
When to encode: query parameter values (anything after the equals sign in a URL query string) must be encoded if they contain special characters like ampersand, equals, or space. When to decode: when reading URL parameters in server-side code or when displaying URLs to users. Common bug: double-encoding (encoding an already-encoded URL) creates garbled output like %2520 instead of %20. Always encode individual parameter values, not the entire URL structure.
About JWT Decoder
JSON Web Tokens (JWT) are a compact, URL-safe way to transmit claims (assertions about a user or session) between parties. A JWT consists of three Base64url-encoded parts separated by dots: Header (algorithm and token type), Payload (claims - user ID, roles, expiry), and Signature (cryptographic verification). The header and payload are readable by anyone - only the signature proves authenticity.
Important security notes: JWTs are signed, not encrypted by default - never include sensitive data like passwords or full credit card numbers in the payload. Always verify the signature before trusting claims. The alg:none vulnerability allowed attackers to strip signatures on misconfigured servers - always require a specific algorithm server-side. JWT expiry (exp claim) should be short (15 minutes to 24 hours for access tokens); use refresh tokens for longer sessions. This decoder shows the raw header and payload - useful for debugging authentication issues.
About Text Diff Tool
A diff compares two text inputs and highlights what was added, removed, or unchanged between them. This tool uses a line-by-line comparison algorithm highlighting additions in green and deletions in red. It is essential for code review, document version control, proofreading revisions, and verifying data transformations before they go live.
Developer use cases: reviewing changes before committing to Git; verifying that a database migration script only affects intended tables; comparing API responses before and after a code change; checking that a refactoring did not accidentally alter business logic. Content use cases: reviewing edited documents to see exactly what a collaborator changed; comparing two versions of a translated document; verifying that an updated privacy policy only changed the intended sections. For large codebases, Git diff provides this with full version history context.
About Code Minifier
Code minification removes all unnecessary characters from source code - whitespace, line breaks, comments, and long variable names - without changing functionality. Minified JavaScript files typically shrink by 30-60%; CSS files by 20-40%. This reduces page load time, bandwidth consumption, and server costs. Every kilobyte removed improves Time to First Byte (TTFB) and Core Web Vitals scores.
Minification vs. compression: minification changes the content; compression (gzip, Brotli) reduces the transfer size without changing content and happens at the server level. Both are complementary - minify first, then compress. Minified code is unreadable, so always keep source files for development and serve only minified files in production. Build tools like webpack, Vite, Parcel, and esbuild automatically minify code as part of the production build process. Use this tool for quick manual minification of individual files.
About Markdown Previewer
Markdown is a lightweight markup language created by John Gruber in 2004 for writing formatted text using plain text syntax. It converts to HTML automatically. Core syntax: hash symbols for headings (one hash for H1, two for H2); asterisks for bold and italic; hyphens or asterisks for unordered lists; numbers for ordered lists; backticks for inline code; triple backticks for code blocks; square brackets followed by parentheses for links; exclamation mark added for images.
Markdown is used on GitHub (README files, issues, pull requests), Stack Overflow, Reddit, Slack, Discord, Notion, Confluence, and most modern documentation platforms. GitHub Flavoured Markdown (GFM) adds tables, strikethrough, task lists with checkboxes, and syntax highlighting for code blocks. Knowing markdown is a practical skill for any developer or technical writer - it is faster than HTML for writing structured content and renders consistently across platforms.
Educational use only. All tools and course content on SmartUtilz are for informational and study purposes. Results must be independently verified by a qualified engineer before use in any design or safety-critical application. Read full disclaimer →