November 12, 2025
XML’s undead comeback
Show HN: XML-Lib – An over-engineered XML workflow with guardrails and proofs
The tool nobody asked for—until your boss and auditors do
TLDR: XML‑Lib turns XML documents into a tightly controlled, auto‑published workflow with signed, audit‑friendly results. Comments split between “why XML now?” and enterprise veterans cheering governance, security, and smart diffs—because when regulators knock, boring reliability beats trendy tech every time.
Hacker News got loud when XML‑Lib dropped: an “over‑engineered” XML toolkit that validates your documents across files, signs the results like receipts, and spits out polished web pages and even PowerPoints. Cue chaos. One camp laughed at the “PowerPoint from XML” flex and the “signed assertion ledger” (cryptographic proof your checks ran), calling it enterprise cosplay. The other camp—compliance folks and team leads—basically stood up and clapped, yelling “finally, guardrails!”
For the uninitiated: XML is a text format with tags; XSLT turns it into pretty HTML; CI/CD is automated build/testing; XXE is a nasty security bug this tool blocks by default. XML‑Lib checks timeline order, unique IDs, and broken references, then publishes docs, diffs with explanations, and lints formatting. The comment war hit peak drama with “Why XML in 2025? Just use JSON,” versus “Regulators don’t accept vibes.” Streaming validation for big files got cheers, while attribute‑ordering linting got eye‑rolls.
Memes flew: “Relax? Not with Relax NG,” “Schematron is lawyer‑mode XML,” and “Blockchain vibes—but it’s just signatures.” The PHP page generator triggered flashbacks, then won points for security hardening. Verdict: split community, huge entertainment. But anyone who’s shipped docs to auditors saw those provenance trails and said: ship it.
Key Points
- •XML-Lib validates XML with Relax NG and Schematron, enforcing cross-file constraints like IDs, checksums, and temporal monotonicity.
- •It provides a rule engine with provenance tracking and a cryptographically signed assertion ledger output in XML and JSON Lines for CI/CD.
- •Publishing tools include an XSLT 3.0 HTML generator, an OOXML PowerPoint composer, and a PHP 8.1+ page generator with XXE protection.
- •New features add streaming validation for large files using iterparse, with thresholds, progress indicators, and graceful schema fallbacks.
- •A new lint command checks formatting and security issues (indentation, attribute order, XXE, whitespace, line length, final newlines) with JSON output.