History

The xoscript programming language is a server-side scripting language that has been in development under various names since 1993. In 2009, the project was restarted with a focus on research, localization, and educational use.
Between 2020-2025, it became apparent that existing server-side scripting languages had grown increasingly complex and heavy over time, leading to concerns about attack surfaces, code quality, backward compatibility (due to frequent breaking changes) and control. In response, a new edition of the programming language has been released in 2026 under the name xoscript with the goal of providing a simple, secure environment for server-side scripting.

xoscript emphasizes three core principles:
simplicity, security and backward compatibility.

Simplicity
Minimal syntax rules make the language easy to learn and remember. The entire language consists of no more than 5 grammar rules which should fit in human short-term memory. It should be trivial to learn the entire xoscript grammar by heart within minutes for most developers. The xoscript project practices strict design discipline and exercises restraint in language evolution, therefore refraining from introducing additional syntax as much as possible. The project covers the basic needs of server-side scripting but aims to remain as compact (and therefore auditable) as possible. Current gzipped binaries weigh about 300kb.

Security & Auditability
Designed with server use in mind, security is a key consideration. The xoscript project aims to minimize attack surfaces by providing a limited yet well-audited set of core functions, only the absolutely minimal dependencies (ffi,curl,mariadb,pcre2), sandboxing and sound crypto. The dependencies are carefully selected and chosen to provide secure parameterized database access (mariadb), basic network access (curl), pcre2 compliant regular expressions (pcre2) and foreign function capabilities (libffi). Only a single database connector is included (mariadb) to provide upgrade paths from LAMP environments and because this is one of the most used database systems globally. By providing only a single connector the project remains auditable and maintainable for the xoscript project. The xoscript project deliberately trades ecosystem breadth for auditability and control. Thus we provide a very tight API.

Backward Compatibility
Breaking changes negatively impact revenue by driving up maintenance costs, especially for legacy systems. The xoscript project aims to let developers write code once and run it forever, as far as that is realistically possible. A special backward compatibility feature allows developers to pin their program compatibility to a specific version without missing essential updates.

Some design choices of xoscript are unconventional. These include: dynamic types, dynamic scope, fault tolerant Smalltalk-like message passing, prototype-like inheritance, whitespace sensitive syntax with operators (binary messages), asymmetrical literal string boundaries. All these design choices are deliberate and explained in the faq. They may appeal to some software developers more than others. It is therefore recommended to review the language details and familiarize oneself with the design before starting a project.

Permissive BSD License
xoscript is released under the BSD 2-Clause license. This is a simple, permissive open-source license that allows the code to be used, modified, and redistributed for any purpose, including commercial and proprietary use.
Users are free to study the code, incorporate it into other projects, distribute modified or unmodified versions, and deploy it in private or commercial environments. The license imposes minimal requirements, primarily the preservation of copyright notices and disclaimers.
The choice of the BSD 2-Clause license reflects the project's emphasis on simplicity, long-term usability, and minimal restrictions on adoption and deployment.

Commercial Support
Commercial support for xoscript is available for organizations that require professional assistance, custom features, or deployment guidance. Interested parties are encouraged to contact the project lead directly for details regarding services, pricing, and engagement options.

Apolitical and merit-based project
In recent years, broader social and political debates have increasingly entered technical communities and open-source projects. While such discussions may be relevant elsewhere, xoscript deliberately limits its scope to software engineering concerns.
Aligning a project with particular political or ideological positions tends to attract some contributors while discouraging others. From a long-term perspective, this reduces the potential contributor pool and risks excluding valuable technical expertise for reasons unrelated to the quality of the work itself.
xoscript is therefore an apolitical project. It does not adopt or enforce political, social, or ideological positions. Contributions are evaluated solely on their technical merit, correctness, and long-term impact on the project.
The project does not maintain a Code of Conduct. Non-technical, unconstructive, or ideological commentary is considered out of scope and is not taken into account when reviewing contributions. As long as contributions meet project standards and add value, they are considered. Personal opinions, affiliations, or worldviews are treated as irrelevant and do not influence contribution evaluation.