Hey HN,<p>I built uncurl.dev to scratch my own itch: I kept getting curl commands in API docs, bug reports, or Slack messages and wanted a quick way to visualize, run, and debug them without firing up Postman or writing code to dissect them. It was also sometimes painful to create a test page specifically for non-tech users to consume an API. I originally vibe-coded this over a weekend just to make it easier for myself to debug API requests shared as curl commands. It slowly grew into something I found surprisingly useful in my workflow, so I decided to clean it up and share it.<p>uncurl.dev takes a curl command and:
- Converts it into a visual representation
- Lets you edit and inspect all parts of the request
- Allows sharing via a unique link
- (Optionally) executes it from the server, so business or non-technical users can see results<p>Execution is currently behind login, with a cap (5/min) to avoid abuse and manage costs. Non-logged-in users can still build and share curl commands—they just can’t execute them. The server runs each request in a Docker sandbox with strict resource/time limits (cpu, memory, timeout, no network access outside the request).<p>It’s not meant to replace full-featured tools like Postman or Hoppscotch. It’s more of a “CLI-to-UI bridge” for fast sharing and debugging, especially in dev workflows where curl is the starting point. Think of it like Pastebin or JSFiddle, but for curl commands.<p>If you’ve ever copied a curl from an API doc and wanted a cleaner way to see it or send it to someone else, I’d love your feedback.<p>Thanks!
(You can try it without signup here: <a href="https://uncurl.dev" rel="nofollow">https://uncurl.dev</a>)
Hum I'm definitely not the target for this but I don't see the value to obfuscate all the info in an UUID, I'd have kept things simple and stored things into an URL fragment, that way it's possible to operate client-side only and nothing gets leaked to a server I don't know much about like headers or whatever tokens or API keys could be passed in an URL.
Hey OP, your DELETE curl endpoint is unauthenticated! I can't DM you on HN and there's no contact on your website, so sorry for the public security disclosure. :(
This is why in our codebase we have a rule to not use short options/flags for called commands like curl. And if there is only a short option available, it must be explained in a code comment.
This would be useful if it was client-side only. I only very rarely have curl commands to run that don't also include some stuff like cookies and tokens, which I'm not sending to someone's server so they can run curl for me.
It seems very particular about what curl options it supports. I keep getting “Please enter a valid curl command” no matter what I do.<p>Maybe the only solution is to somehow extract the actual command line parser from curl itself.
Interesting. Default behavior could be improved. I blindly pasted a curl, except showing my curl it didn't make any headers modifiable. It also didn't redacted the Authorization header.
Also there is no way to delete a page.
The Jetbrains suite of IDEs have this handy feature : if you copy a curl command into an HTTP scratch file, it is automatically converted to the HTTP equivalent, which is IMHO much more readable.<p>Your project looks very cool though, and expands on the share aspect of the Jetbrains feature, very interesting!
Looks cool! One bug I found:<p>`curl www.google.com` works using 8.7.1 on macOS, but I get "Please enter a valid curl command" on your website.
While it looks good and even possibly useful, it seems to be a great way to leak sensitive cookies (especially since "copy as cURL" is so easy on the browser's network tab).<p>I would 100% forbid its use in a company environment and I would encourage people in general not to use it for any non-trivial use case.
This is a pretty cool project.<p>One thing: it's rejecting dict lookups as invalid URL,
eg. `curl dict://dict.org/d:failure:fd-eng-fra`<p>I'm checking first here whether I missed something in the docs about not supporting DICT before I add issue to the GH repo
Why the need for an account to execute? Are you executing the command on behalf of the user on your server? Is it possible to just do it locally in browser?