feat. add crontab explainer

.eslintrc.json

@@ -0,0 +1,3 @@
+{
+  "extends": "next/core-web-vitals"
+}

.github/PULL_REQUEST_TEMPLATE.md

@@ -24,6 +24,7 @@ _Add screenshots of relevant screens_
 
 - [ ] My PR follows the style guidelines of this project
 - [ ] I have performed a self-check on my work
+- [ ] If `package.json` is unchanged, `package-lock.json` is also unchanged in this PR
 
 **If changes are made in the code:**
 

.github/workflows/lockfile-guard.yml

@@ -0,0 +1,51 @@
+name: Lockfile Guard
+
+on:
+  pull_request:
+    branches:
+      - develop
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  lockfile-guard:
+    name: Prevent unintended lockfile churn
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Validate package and lockfile changes
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          BASE_SHA="${{ github.event.pull_request.base.sha }}"
+          HEAD_SHA="${{ github.event.pull_request.head.sha }}"
+
+          CHANGED_FILES="$(git diff --name-only "$BASE_SHA" "$HEAD_SHA")"
+
+          PACKAGE_CHANGED="false"
+          LOCK_CHANGED="false"
+
+          if echo "$CHANGED_FILES" | grep -qx "package.json"; then
+            PACKAGE_CHANGED="true"
+          fi
+
+          if echo "$CHANGED_FILES" | grep -qx "package-lock.json"; then
+            LOCK_CHANGED="true"
+          fi
+
+          if [ "$LOCK_CHANGED" = "true" ] && [ "$PACKAGE_CHANGED" = "false" ]; then
+            echo "❌ package-lock.json changed without package.json changes."
+            echo "If your PR does not intentionally change dependencies, discard lockfile changes:"
+            echo "git checkout -- package-lock.json"
+            exit 1
+          fi
+
+          echo "✅ Lockfile check passed."

.github/workflows/release.yml

@@ -35,5 +35,6 @@ jobs:
 
       - name: Run semantic release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+          GH_TOKEN: ${{ secrets.RELEASE_TOKEN }}
         run: npx semantic-release

CHANGELOG.md

@@ -1,3 +1,44 @@
+# [1.4.0-develop.5](https://github.com/betterbugs/dev-tools/compare/v1.4.0-develop.4...v1.4.0-develop.5) (2026-03-05)
+
+
+### Bug Fixes
+
+* **release:** update GITHUB_TOKEN to use RELEASE_TOKEN for semantic release ([be3a012](https://github.com/betterbugs/dev-tools/commit/be3a012c6d7df84ab5826ce03268ec8aad402c15))
+
+
+### Features
+
+* **tools:** add SVG to React/CSS utility ([218ccad](https://github.com/betterbugs/dev-tools/commit/218ccad3c5eb7121a9bd7319147520eb39713695)), closes [#50](https://github.com/betterbugs/dev-tools/issues/50)
+
+# [1.4.0-develop.4](https://github.com/betterbugs/dev-tools/compare/v1.4.0-develop.3...v1.4.0-develop.4) (2026-03-03)
+
+
+### Features
+
+* Add lockfile guard workflow to prevent unintended lockfile changes ([aa20fb5](https://github.com/betterbugs/dev-tools/commit/aa20fb5422aae56e9d80f7472a6f974624431572))
+
+# [1.4.0-develop.3](https://github.com/betterbugs/dev-tools/compare/v1.4.0-develop.2...v1.4.0-develop.3) (2026-03-03)
+
+
+### Features
+
+* Add IPv4 Subnet Calculator Tool ([ad1c03f](https://github.com/betterbugs/dev-tools/commit/ad1c03fd0065f0cfce409b72882188dc7de630d0)), closes [#33](https://github.com/betterbugs/dev-tools/issues/33)
+* Add Smart Repair feature to JSON Validator ([#41](https://github.com/betterbugs/dev-tools/issues/41)) ([7a3c7a5](https://github.com/betterbugs/dev-tools/commit/7a3c7a5008d4236d954e1c20482635b0a0da5ef0)), closes [#38](https://github.com/betterbugs/dev-tools/issues/38)
+
+# [1.4.0-develop.2](https://github.com/betterbugs/dev-tools/compare/v1.4.0-develop.1...v1.4.0-develop.2) (2026-02-28)
+
+
+### Bug Fixes
+
+* **tools:** implement proper bcrypt generator ([94d19be](https://github.com/betterbugs/dev-tools/commit/94d19be7e4b8d9256557e7668898ec4d6c3ca15c)), closes [#23](https://github.com/betterbugs/dev-tools/issues/23) [#13](https://github.com/betterbugs/dev-tools/issues/13)
+
+# [1.4.0-develop.1](https://github.com/betterbugs/dev-tools/compare/v1.3.2...v1.4.0-develop.1) (2026-02-28)
+
+
+### Features
+
+* **ui:** add reusable CopyButton and refactor wordCounter and jsonToTxt ([d5b9e83](https://github.com/betterbugs/dev-tools/commit/d5b9e8333673c5254cf39529a90869b1b741e385)), closes [#17](https://github.com/betterbugs/dev-tools/issues/17)
+
 ## [1.3.2](https://github.com/betterbugs/dev-tools/compare/v1.3.1...v1.3.2) (2026-02-16)
 
 

CONTRIBUTING.md

@@ -47,6 +47,37 @@ If your work depends on unreleased features or changes, base your work directly
 
 ## Code Contributions
 
+### 🚨 Dependency & Lockfile Policy (Read Before PR!)
+
+**When to Commit `package-lock.json`**
+
+- **You MUST commit `package-lock.json` if:**
+	- You add, remove, or upgrade a dependency in `package.json` (for example, when your new tool needs a new npm package).
+	- You intentionally update any package version in `package.json`.
+	- After such changes, always run `npm install` and commit both `package.json` and `package-lock.json` together.
+
+- **You MUST NOT commit `package-lock.json` if:**
+	- You are only editing, adding, or refactoring tool components, UI, or logic, and did not touch `package.json`.
+	- You ran `npm install` after pulling latest develop, but did not change dependencies. If the lockfile changes, discard it (`git checkout -- package-lock.json`).
+
+- **Dependency/toolchain upgrades (Next.js, ESLint, etc.) must be in a separate PR, never mixed with feature/tool PRs.**
+
+**For Adding a New Tool:**
+
+- If your tool needs a new npm package:
+	1. Add the dependency to `package.json`.
+	2. Run `npm install` (this updates `package-lock.json`).
+	3. Commit both files in your PR.
+- If your tool does NOT need a new dependency, do NOT touch or commit `package-lock.json`.
+
+**Why?**
+
+- Our CI uses `npm ci`, which requires the lockfile to match `package.json` exactly.
+- Random lockfile churn (from different npm versions or accidental upgrades) causes huge, noisy diffs and can break builds.
+- Only the canonical lockfile in `develop` is valid.
+
+---
+
 Please ensure your pull request adheres to the following guidelines:
 
 - Search [open pull requests](https://github.com/betterbugs/dev-tools/pulls) to ensure your change hasn't already been submitted

app/components/developmentToolsComponent/bcryptGenerator.tsx

@@ -1,5 +1,6 @@
 "use client";
 import React, { useState, useMemo } from "react";
+import bcrypt from 'bcryptjs';
 
 // Custom styles for the range slider
 const sliderStyles = `
@@ -48,28 +49,29 @@ const BcryptGenerator = () => {
 
   // Simple bcrypt-like hash function (for demonstration - not cryptographically secure)
   const generateHash = async (text: string, rounds: number): Promise<string> => {
-    // This is a simplified implementation for demo purposes
-    // In production, you would use a proper bcrypt library
-    const encoder = new TextEncoder();
-    const data = encoder.encode(text + rounds.toString());
-    const hashBuffer = await crypto.subtle.digest('SHA-256', data);
-    const hashArray = Array.from(new Uint8Array(hashBuffer));
-    const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
-    return `$2b$${rounds}$${hashHex.substring(0, 53)}`;
+    return new Promise((resolve, reject) => {
+      bcrypt.genSalt(rounds, (err, salt) => {
+        if (err) return reject(err);
+        bcrypt.hash(text, salt, (err2, hash) => {
+          if (err2) return reject(err2);
+          resolve(hash);
+        });
+      });
+    });
   };
 
   // Simple verification function (for demonstration)
   const verifyHash = async (password: string, hash: string): Promise<boolean> => {
-    try {
-      const parts = hash.split('$');
-      if (parts.length !== 4 || parts[1] !== '2b') return false;
-
-      const rounds = parseInt(parts[2]);
-      const generatedHash = await generateHash(password, rounds);
-      return generatedHash === hash;
-    } catch {
-      return false;
-    }
+    return new Promise((resolve) => {
+      try {
+        bcrypt.compare(password, hash, (err, res) => {
+          if (err) return resolve(false);
+          resolve(Boolean(res));
+        });
+      } catch {
+        resolve(false);
+      }
+    });
   };
 
   const handleGenerateHash = async () => {