About six months into building Tanvrit, our team had a recurring problem: we needed quick access to a handful of developer utilities dozens of times a day. Decode a JWT to debug an auth issue. Test a regex pattern before putting it in production. Generate app icons for a new product. Check a colour contrast ratio. Convert a Unix timestamp.
The tools we found online were mostly terrible in the same ways: slow to load, covered in ads, requiring an account to unlock basic features, and — most importantly for anything involving real data — uploading your input to a server you knew nothing about. We were not going to paste a JWT containing user claims or a production private key into a random website. We needed tools we could trust.
So we built the tools we needed, made them free, open, and privacy-first, and shipped them at tanvrit.com/tools. This post explains the philosophy behind them, the specific problems each tool was built to solve, and what we have learned building for developer workflows.
The Browser Tab Graveyard Problem
Ask any developer to share their browser bookmarks, and you will find a collection of utility sites that they return to constantly. A JWT decoder. A regex tester. A Base64 converter. A JSON formatter. A colour picker. A cron expression generator. A Unix timestamp calculator. These are the tools that live permanently in pinned tabs or are re-searched every time they are needed, because nobody can remember the exact URL.
The deeper problem is what happens when you actually use these tools. You navigate to the site, wait for it to load (often several seconds because it is ad-heavy), find the actual input buried under a banner ad and a newsletter popup, paste your data, and finally get a result. Then you close the tab, go back to your IDE, and remember that you needed to do one more thing — which means reopening the tab, finding it again, and repeating the entire process. Individually, each instance costs maybe 45 seconds. Multiply that by dozens of times per day across an entire team, and you have a meaningful productivity drain.
The tools at the top of Google results for most developer utilities are SEO-optimised, ad-monetised sites where the actual tool is secondary. The incentive structure does not reward making the tool faster or simpler — it rewards maximising page views, time on site, and ad impressions. That is exactly backwards from what developers need.
Privacy Concerns with Online Developer Tools
The privacy issue is more serious than most developers think about day-to-day. Consider what gets pasted into online JWT decoders: tokens from production systems containing real user IDs, email addresses, role assignments, and session metadata. Or into online password generators: the generated password might be logged server-side. Or into online regex testers: sample data from your application that might include PII.
Most online tool sites do not publish privacy policies that meaningfully address this. Even sites with good intentions can be compromised, can change ownership, or can have their analytics or advertising scripts harvest form input. A developer pasting a JWT from a healthcare application into an online decoder should think carefully about whether they are violating their data handling obligations — even if nothing "bad" happens as a result.
The only technically sound answer is that the tool must run in the browser without sending data to any server. This is not a marketing claim we make for its own sake — it is a meaningful architectural constraint that we applied to every tool we built.
Our Philosophy: Zero Server, Zero Tracking
Every tool at Tanvrit follows the same principle: if the operation can be done in the browser, it is done in the browser. No server round-trips, no backend processing, no data logging. The tools are JavaScript applications deployed as static files to a CDN. When you use them, the computation happens on your device using your CPU and memory.
This has several consequences beyond privacy. The tools are fast — there is no network latency for processing, no server cold-start, no queue. They work offline once the page has loaded. They have no rate limits, because there is no server to protect. And they scale trivially to any number of simultaneous users without infrastructure cost.
We also do not use analytics tools that track individual users across sessions. We track page-level aggregate data (which tools are used, general geographic region) for product decisions, but nothing that could identify a specific user or session.
What Makes a Developer Tool Great
Having thought carefully about tool design while building these, we have landed on a set of principles we apply to every tool:
- Instant response. The tool must respond to input immediately — as you type, not on submit. Validation, parsing, and transformation should all be live. A tool that requires you to click a button and wait adds friction that breaks the flow of thought.
- Keyboard-first. Developers keep their hands on the keyboard. Tab navigation, keyboard shortcuts for common actions, and copy-to-clipboard via keyboard should all work without reaching for the mouse.
- No required account or sign-up. If the tool requires authentication to function, it will not be used by someone mid-debugging session. The tools should be fully functional without any account.
- Clean, focused UI. One tool per page. No cross-selling banners, no popups, no newsletter forms. The input field should be the most prominent thing on the page.
- Useful error messages. When input is invalid, tell the developer specifically what is wrong. "Invalid input" is useless. "JWT signature is invalid — check that your secret key is correct" is useful.
- Offline capability. Once loaded, the tools should work without internet. This matters on flights, in offices with unreliable WiFi, and in India where mobile connections can drop unexpectedly.
The Tools We Built and Why
JWT Decoder
JWTs are in every modern web application, and debugging auth failures invariably starts with "what does this token actually contain?" The Tanvrit JWT decoder parses the header and payload, shows every claim with its decoded value, displays the expiry time in human-readable format, and flags tokens that are expired or missing required claims. It is the first tool we built because it was the tool we reached for most often.
Regex Tester
Regular expressions are notoriously difficult to write correctly without immediate feedback. The regex tester shows matches as you type, highlights capture groups with distinct colours, lists all matches found, and displays captured group values. It supports all standard JavaScript regex flags. The live feedback loop is what makes it useful for actually learning regex, not just running patterns.
App Icon Generator
Every time we shipped a new product, we spent 40 minutes manually resizing the app icon for iOS, Android, macOS, and PWA requirements. The icon generator accepts a single source image and outputs a ZIP containing every required size, correctly named for each platform's file naming conventions. It uses the browser Canvas API for resizing; your image never leaves your device.
CSS Gradient Generator
We use CSS gradients heavily in our own UI. Writing complex multi-stop gradients by hand is tedious and the iteration loop (edit CSS, reload page, evaluate) is slow. The gradient generator provides a live visual editor for linear, radial, and conic gradients with draggable colour stops and immediate CSS output. It generates clean, minimal CSS — no vendor prefixes that haven't been needed since 2016.
Colour Contrast Checker
Accessibility is not optional, and colour contrast is one of the most commonly failed criteria in WCAG audits. The contrast checker validates foreground and background colour pairs against WCAG 2.1 AA (4.5:1 for normal text, 3:1 for large text) and AAA (7:1) standards, so you know whether your text is readable before you ship. It accepts hex, RGB, and HSL colour values.
JSON Formatter
Minified JSON in API responses and log files is unreadable. The JSON formatter parses, pretty-prints, and syntax-highlights any JSON input. It also validates the JSON and reports the exact location of syntax errors — a missing comma on line 47 of a 200-line JSON blob is hard to find manually. The formatter handles arbitrarily large JSON objects without sending them anywhere.
What's on the Roadmap
We have a backlog of tools that we use internally and plan to publish. The next batch includes a Base64 encoder and decoder (handling both standard and URL-safe variants), a UUID generator (v4 and v7), a Unix timestamp converter, an HTML entity encoder and decoder, acron expression builder with human-readable description, and a diff viewer for comparing two blocks of text or JSON.
We also track requests from users — if there is a tool you reach for constantly and the current options are slow, ad-heavy, or privacy-unfriendly, we want to hear about it. The bar for adding a tool to Tanvrit is simple: if it is something a developer would use regularly and we can build it in a way that is meaningfully better than what exists, we will.