How the Tools Work
Every tool on DevKitBase is designed to keep payloads on your machine. This page summarizes how transforms work and where the honest limits are.
Client-side only
Formatting, encoding, hashing, and parsing run in the browser. There is no server round-trip for the text you paste into a tool.
Hosting (Cloudflare) serves the static app and assets. Optional analytics, if enabled later, measure traffic — not tool payloads.
APIs and libraries
JSON uses the browser JSON parser/stringifier. Base64 and URL helpers use standard Web encoding paths. SHA digests use Web Crypto (SubtleCrypto) where available.
MD5 uses a small pure implementation for legacy checksums. YAML/XML converters use simplified client parsers with documented boundaries — not full enterprise mappers.
JWT and hashes
JWT pages decode header and payload locally (Base64url → JSON). Signatures are not verified. Anyone can decode a token; verification requires keys and crypto elsewhere.
MD5/SHA pages produce digests for checksums and debugging. Do not use them as a password vault or auth design.
Runs in your browser. Nothing is uploaded. Not a security product —hashes and JWT decode are for debugging, not password storage or auth advice.