Back to Projects
AstroReactTailwind CSSPrivacyOpen SourceCloudflare Pages

ToolsYard

A privacy-first browser toolbox — EML/MSG file inspection, diff checking, and word counting, all processed client-side with zero uploads and no backend.

GitHub Chrome Web Store
ToolsYard — Privacy-first browser tools

The Problem

In day-to-day operations work, you run into a certain class of tasks constantly: inspect a suspicious email header, check whether an .eml file actually passed SPF/DKIM/DMARC, compare two config outputs side by side, or count down to a character limit before pasting into a form.

None of these tasks are hard. But the tools you reach for online all share the same problem — they upload your data to a server you don’t control.

Paste a .msg file from an inbox into an online parser? Your email contents, sender metadata, and attachment names are now sitting on someone’s infrastructure. Upload an .eml for header analysis? Same story. These aren’t hypothetical concerns. When the files contain internal infrastructure details, customer data, or incident-related communications, even a “helpful” SaaS tool is a risk.

We kept running into this friction. You’d want a quick answer, find a tool that promised it, then either accept the privacy tradeoff or spend 10 minutes trying to do it locally with a Python script and a few Stack Overflow tabs.

What We Built

ToolsYard is a collection of browser-based utilities where all processing happens on your device — no data ever leaves the tab.

Four tools, each built to solve a specific recurring pain point:

EML Inspector

The trigger for the whole project. Analyzing .eml files — raw email exports — should be instant. EML Inspector parses the full file in the browser using postal-mime, then surfaces:

  • Header inspection — From, To, Reply-To, Message-ID, all routing hops
  • Security protocol validation — SPF, DKIM, and DMARC results extracted directly from the headers
  • Phishing signals — mismatched sender domains, suspicious reply-to addresses, header anomalies

What used to require piping files through a command-line tool or trusting a third-party analyzer is now a local drag-and-drop.

MSG Inspector

Outlook’s .msg format is a different beast — a binary format most tools don’t handle well without server-side processing. We integrated @kenjiuno/msgreader to decode it entirely in the browser. MSG Inspector exposes:

  • Transport headers (the same routing and authentication chain as EML)
  • Embedded attachments, viewable without extraction
  • Recipient and sender metadata

This was a direct response to a real scenario: receiving forwarded .msg files during email security investigations and having no clean, safe way to inspect them without installing desktop software.

Diff Checker

The existing diff tools online work fine — until you’re comparing infrastructure configs, environment variables, or log snippets that you’d rather not paste into a public form. ToolsYard’s Diff Checker does character-level, side-by-side comparison with syntax highlighting, entirely in the browser.

Word Counter

The simplest tool but consistently one of the most used. Live counts for characters, words, lines, and paragraphs — with space visualization that shows you exactly what’s being counted. Built because the common alternatives either add character limits, inject ads, or are slow to respond on longer pastas.

The Architecture Decision

The core constraint — no backend, no uploads — shaped every technical choice.

Astro 6 handles the static build. Pages are pre-rendered; there’s nothing dynamic server-side. React 19 islands power the interactive tool components. Tailwind CSS v4 for styling. The whole thing deploys to Cloudflare Pages, which means global edge delivery with no origin server to maintain.

The parsing libraries (postal-mime for EML, @kenjiuno/msgreader for MSG) are both designed to run in browser environments — no server-side Node.js APIs, no file system access required. Processing stays in a Web Worker where possible, keeping the UI responsive even on larger files.

The result is a site that has genuinely zero backend surface area. There’s no API to compromise, no database to breach, no server logs to subpoena. The privacy guarantee isn’t a policy — it’s the architecture.

Open Source

ToolsYard is fully open source. The code is on GitHub if you want to audit exactly what runs when you drop a file in, add a tool, or self-host your own instance. Privacy tools should be inspectable.

All projects View source on GitHub