Articles
Long-form developer guides on the obfus.link utility grid — what each tool does, when to use it, and how to compose it into production code and agent pipelines.
Generators
Multi-algorithm hashing + verify mode with auto-detection
Generate hashes across MD5, SHA-1, SHA-256, SHA-384, SHA-512, SHA-3 variants, BLAKE2b, and BLAKE3 from one input. Verify mode accepts a known hash and auto-detects the algorithm from the hash length.
Converters
Bytes, CSS units, LLM tokens: developer-specific unit conversion
Convert data sizes (with IEC vs SI base toggle), CSS units (with configurable base font and viewport), LLM tokens (with per-model tokenizer ratios for GPT-4, Claude, Llama 3, Gemini), time, and frequency.
Encoders
Multi-context escape chains for SQL-in-JSON-in-URL nested payloads
Escape strings for safe embedding in JSON, SQL, HTML, regex, shell, URI, CSV, or XML. Chain multiple contexts in order for nested destinations — the only way to safely escape a SQL value inside a JSON payload inside a URL parameter.
Converters
Epoch ↔ ISO 8601 ↔ "3 days ago": multi-format roundtrip + multi-timezone
Convert any timestamp between epoch seconds, epoch milliseconds, ISO 8601, RFC 2822, human-readable, and relative formats. Auto-detect from any input format; render the same instant in multiple timezones simultaneously with DST awareness.
Encoders
Base64 with auto-detect: identifying JSON, JWTs, PEM certs, and image data in opaque payloads
Encode and decode base64 in standard, URL-safe, or MIME variants. Identify mode auto-detects the variant, classifies the decoded content type (JSON, JWT, PEM, image, plain text), and returns parsed JWT segments when applicable.
Encoders
Context-aware HTML encoding: avoiding double-encoding bugs in JSON, XML, and URL embeddings
Encode HTML content for safe embedding in HTML bodies, JSON strings, XML attributes, or URL parameters. Auto-detects the destination context, eliminating the double-encoding bugs that come from applying the wrong escape rule.
Analyzers
Deep URL parsing: recursive query decode for OAuth + webhook callbacks
Parse any URL with optional recursive decoding of query parameter values — base64, URL-encoded, JWT, nested JSON, and inner URLs all unpacked. Security flags surface credentials in query strings, open-redirect patterns, and other leakage risks.
Generators
Markdown tables from CSV, TSV, JSON, and HTML — bidirectional
Import CSV, TSV, JSON arrays, or HTML tables into properly-aligned markdown tables. Or reverse: export a markdown table to CSV, TSV, or JSON for downstream processing. Lossless round-trip for the structural data.
Validators
XML sitemap validation with crawl-budget analysis
Validate XML sitemaps against the sitemaps.org schema with per-line error reporting, plus crawl-budget analysis that surfaces priority dilution, lastmod staleness, and the 50,000-URL cap. Catches structural issues before Google does.
Generators
robots.txt with SEO impact simulation
Generate a robots.txt from structured rules and simulate the result against an array of URLs. Catches the false positives (overly broad disallow, accidentally blocked CSS/JS) before deploy.
Converters
XML to JSON with attribute, namespace, and CDATA preservation
Convert XML to JSON while preserving attributes, namespaces, and CDATA sections as structured metadata — or use simple mode for lossy one-way consumption. Reverse direction (JSON to XML) for round-trip workflows. XXE-safe by default.
Converters
Humanizing cron expressions + conflict detection across crontabs
Translate any cron expression to plain English with next-run computation, and detect collisions and resource-contention windows across an array of cron expressions. Catches scheduling conflicts before they hit production.
Validators
Password policy auditing with NIST 800-63B compliance
Evaluate individual passwords for entropy and crack-time, OR evaluate an entire password policy against NIST SP 800-63B recommendations. Returns letter grades, severity-ranked findings, and a remediation plan.
Validators
Pre-deploy .env gate: diffing example vs local, type mismatches, secret detection
Validate any .env content against syntax rules or diff it against a canonical .env.example. Surfaces missing keys, extra keys, type mismatches, and credential-looking values before deploy. Catches config errors before the container crashes.
Analyzers
JSONPath + jq in one tool: dual-syntax querying with path suggestions
Query any JSON with JSONPath or jq syntax through one API. Suggestion mode recommends extraction expressions when the schema is unknown; tree-overview metadata surfaces the JSON's shape before querying.
Generators
Five modern CSS effects in one tool: glassmorphism, neumorphism, aurora, noise, mesh-gradient
Generate glassmorphism, neumorphism, aurora gradients, noise overlays, or mesh gradients with one tool call. Outputs raw CSS, Tailwind utility classes, and React inline style objects simultaneously for the same parameters.
Analyzers
OWASP security header scorecard with prioritized remediation
Paste any HTTP response headers and get a security grade A+ through F against the OWASP Secure Headers Project recommendations. Per-category breakdown for HSTS, CSP, CORS, X-Frame, and Permissions-Policy plus a structured CORS analyser.
Generators
UUID v4 vs v7: collision math, database indexes, forensic decoding
Generate UUID v7 or v8 with optional monotonic sequence, decode any UUID to recover its version, embedded timestamp, and variant, and run a collision analysis with database migration recommendations.
Validators
Regex from examples + cross-flavor translation across JS, Python, Go, Rust, PCRE
Verify a regex against test cases with anti-pattern detection, generate a regex from positive and negative examples, or translate between five regex dialects with per-feature warnings for incompatibilities.
Generators
JSON to Zod with branded types, Auto-JSDoc, and date strategy
Convert any JSON payload into a production-grade Zod schema with optional branded ID types, JSDoc generation, and configurable date handling — replace a 400-line hand-written schema with one tool call.
Analyzers
Structural diff: comparing JSON, YAML, and code without formatting noise
Compare two text inputs as JSON structure (ignore key order), YAML structure (ignore comments and reordering), or AST (ignore formatting in JavaScript, TypeScript, Python). Surface only the changes that matter.
Converters
SQL formatting + dialect transpilation across PostgreSQL, MySQL, SQLite, MSSQL
Format any SQL query with configurable indent and keyword casing, and optionally translate dialect-specific syntax between PostgreSQL, MySQL, SQLite, and MSSQL with per-change documentation and unsupported-feature warnings.
Converters
YAML to .env with secret-scanning and platform formatters
Convert any YAML configuration into a flattened .env file with secret-credential scanning and platform-specific formatters for Vercel, Railway, Fly.io, and Docker Compose. Generic .env output also supported.
Obfuscators
Scope-aware identifier mangling with reversible mapping and Devcore mode
Obfuscate variable, function, and class identifiers in JavaScript, TypeScript, or Python with scope-targeted partial mangling, reversible mappings for round-trip workflows, and themed Devcore vocabularies for CTF and code-as-art.
Generators
Webhook signature verification across Stripe, GitHub, Twilio, Shopify, Slack
Verify incoming webhook signatures with provider-specific templates that encode each service's exact signing scheme. Generate HMAC signatures for outbound HMAC-authenticated calls in one tool call per provider.
Converters
curl to fetch: secret extraction, retry wrappers, annotated output
Translate any curl command to fetch, axios, node-fetch, got, or ky. Optional env-var extraction hoists credentials to process.env; optional retry wrapper produces production-ready code with exponential or linear backoff.
Encoders
Preparing images for Claude, GPT-4V, and Gemini in one call
Convert any image format to base64 with provider-optimal resize, EXIF stripping, and ready-to-paste vision message blocks for Claude, GPT-4V, or Gemini. Replaces five manual steps with one tool call.
Analyzers
Dead exports: from detection to package.json sideEffects
Static AST analysis of any ESM or CJS module identifies dead exports, side-effecting top-level code, and the bundle-size impact of each finding. Generates a slim replacement barrel file and the correct package.json sideEffects field.
Analyzers
JWT hardening: a production audit checklist
Decode any JWT (no signing key required) and surface its security posture against RFC 7519, RFC 8725, and OWASP guidance. Hardened-spec mode generates a recommended replacement structure with a unified diff to guide code fixes.
Converters
Recovering structured JSON from malformed LLM responses
Repair markdown-wrapped, comma-laden, smart-quoted, or truncated LLM output without a retry round-trip. Optional schema validation pass and a confidence score that tells you when to trust the result and when to escalate.
Obfuscators
Double-hop URL encryption: keeping destinations out of referrer logs
AES-256-GCM encrypted link shortening with single or double-hop redirect chains, click-limited self-destructing links, and zero-knowledge passphrase gates — for sharing internal URLs without leaking them.