xoscript focuses on security. We aim to use decent quantum resistant cryptography, secure random byte generation, memory leak detection and runtime sandboxing to minimize the attack surface. Our runtime has been designed to be as compact, simple and auditable as possible and runs on Linux and OpenBSD.

Overly complex systems are impossible to secure. Therefore, xoscript is very tiny language consisting of no more than 5 grammar rules. Any developer can learn xoscript within minutes. Xoscript features a simplified classless Smalltalk-like syntax. No classes. No factories. No mixins. No interfaces. No lambdas. No types. Just objects.

Xoscript ships with all the necessary features for server-side software development. Request handler, session handler, connector for MariaDB and MySQL, XChaCha20 based encryption with Arc4Random and Argon2 key derivation, constant time comparison (tccompare), CURL, PCRE2 regex. Need more? Connect to any DLL/SO with FFI.

xoscript does not break stuff. By writing down the date of creation of the program at the top of the file, your code will automatically be guarded against any backward incompatibilities in the future. Unlike version pinning, you still benefit from new features, but breaking changes are avoided. Write once, run forever.

While most template engines promise clear separation between logic and presentation this is almost never true. Most of the time you see for-loops and ifs in your templates. Our template system is different. Using markers to cut and paste sections, we promise real separation of presentation and logic. Zero logic in your HTML.

xoscript is free and BSD licensed. As long as you keep the copyright notices intact, you can basically do whatever you want with it. No strings attached. Further more we are independent of big companies and strictly apolitical.