abhilaksh-aroraThe dirty secret of online dev tools Every dev tool lives on a different website. jwt.io...
Every dev tool lives on a different website.
jwt.io for JWT decoding.
regex101 for regex testing.
Some random site for JSON formatting.
Another for diff checking.
Another for curl → code.
Another for SQL formatting.
You end up with 10 bookmarks, 10 different UIs,
and 10 different servers that just received your
most sensitive data — and you never think twice
about it.
I didn't either. Until I did.
Let's take jwt.io as an example.
Your JWT contains:
When you paste it into jwt.io — it hits their
server. It's in their request logs. Maybe forever.
The same goes for regex101. Your regex patterns
often encode business logic — validation rules,
data formats, internal naming conventions. That
goes to their database.
And every online JSON formatter, diff checker,
SQL tool, .env checker you've ever used? Same story.
You're not just sharing data. You're sharing the
shape of your system.
Most of the time nothing bad happens. But "most
of the time" is a terrible security posture for
a developer who knows better.
The more I thought about it, the more it bothered me.
I was pasting production JWTs. Real API keys.
Actual .env files with database URLs. Into random
websites I knew nothing about.
So I built DevTab - devtab.in
One tab. 110+ dev tools. Zero server calls.
Everything runs 100% in your browser via
client-side JavaScript and WebAssembly.
Open DevTools → Network while using it.
Nothing fires.
That's not a marketing claim. It's verifiable
in 10 seconds.
Adding new tools every week. 146 planned total.
The architecture rule is simple:
Every tool that can run client-side must.
All transform, format, decode, and calculate
tools are pure TypeScript running in your browser.
No backend call. No API. No nothing.
The only planned exceptions are AI-powered Pro
tools — SQL explainer, stack trace debugger,
README generator — and those will be clearly
labelled as making server calls. Every other
tool: zero.
Tech stack:
Each tool gets its own URL and SEO landing page.
So /tools/jwt-decoder targets "jwt decoder online",
/tools/json-formatter targets "json formatter online"
and so on. 110+ tools = 110+ SEO entry points into
one product.
Most dev tool sites are built to be useful.
DevTab is built to be trustworthy first, useful second.
The difference:
| Other tools | DevTab |
|---|---|
| Your data hits their server | Stays in your browser |
| Request logs exist | No requests to log |
| You hope they're secure | Nothing to breach |
| Signup to save history | No signup needed |
| Free tier, paid for "privacy" | Free, private by default |
Privacy isn't a feature you unlock. It's the
architecture.
devtab.in — free, no signup, no uploads, ever.
Open DevTools → Network while using it.
Verify the claim yourself.
I'm adding new tools every week based on what
people request. What tool do you keep googling
that should be here? Drop it in the comments 👇
Built this as a side project while working as
an SDE. If you found it useful, share it with
a dev friend who's been pasting JWTs into
jwt.io without thinking about it.