Summary
A no-signup, no-tracking developer utility hub with a small community and content layer. Ten client-side tools (JSON formatter, regex builder, diff checker, base64, color picker, cron builder, JWT decoder, hash generator, mock data, code formatter) plus a sandboxed 19-language online compiler, snippet library, public API directory, blog, and authenticated profiles.
The problem
Most free dev tool sites are ad-stuffed, slow, and quietly exfiltrate every paste. Value Codes ships the same tools without trackers, without account walls, and with security primitives (CSP nonces, CSRF, dompurify) treated as load-bearing.
Architecture
- Express 4 with nonce-based CSP — no unsafe-inline anywhere.
- CSRF protection via csrf-csrf double-submit cookie pattern.
- MySQL-backed sessions with auto-expiration; helmet, rate limiting, dompurify sanitisation.
- Sandboxed 19-language compiler isolated behind a worker pool.
- Octokit-powered GitHub data for community profiles.
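The nonce-based CSP from the list above, as an added example that is not Value Codes' own code: Express-style middleware issues a fresh nonce per response, and a lint helper flags rendered inline script, style and event-handler markup that such a policy would block. The names `cspNonce`, `buildCsp`, `findUnnoncedInline` and the exact directive set are assumptions.

```javascript
// Added example, not the project's code. cspNonce, buildCsp and
// findUnnoncedInline are hypothetical names; the directive set is assumed.
const { randomBytes } = require('node:crypto');

// Policy with no 'unsafe-inline': inline code runs only if it carries the nonce.
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    `style-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'none'",
    "frame-ancestors 'none'",
  ].join('; ');
}

// Express-style middleware: a new 128-bit nonce for every response, exposed to
// templates as res.locals.cspNonce (EJS: <script nonce="<%= cspNonce %>">).
function cspNonce(req, res, next) {
  const nonce = randomBytes(16).toString('base64');
  res.locals.cspNonce = nonce;
  res.setHeader('Content-Security-Policy', buildCsp(nonce));
  next();
}

// Regex-based lint for rendered HTML (a regression check, not a parser):
// returns inline <script>/<style> tags missing the nonce, plus inline on*
// handlers, which a nonce cannot authorize.
function findUnnoncedInline(html, nonce) {
  const problems = [];
  for (const [tag, name, attrs] of html.matchAll(/<(script|style)\b([^>]*)>/gi)) {
    const external = name.toLowerCase() === 'script' && /\bsrc\s*=/i.test(attrs);
    if (!external && !attrs.includes(`nonce="${nonce}"`)) problems.push(tag);
  }
  for (const [handler] of html.matchAll(/\son[a-z]+\s*=\s*["'][^"']*["']/gi)) {
    problems.push(handler.trim());
  }
  return problems;
}
```

Mount `cspNonce` before the routes that render templates, and run `findUnnoncedInline` over rendered pages in tests so a template that drops the nonce fails the build instead of breaking in the browser.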
Highlights
- Dynamic sitemap cached 6h, auto-includes articles, snippet categories, API entries.
What I learned
- A strict CSP is the single highest-leverage security control for a tool site.
- EJS + server-rendered HTML beats an SPA when each tool is a single, fast page.
- Community profiles work even without social features — read-only GitHub stat pages drive most traffic.