A modern programming language that makes developers happier.

kotlinlang

Is it possible to limit java classes accessible from scripts to specific packages?

There is no specific functionality in the scripting API, but you control both compilation classpath and evaluation classloader, so you can control it with some effort.

Maybe I could set the actualClassLoader with reflection, but I'd need to have access to the compiled script, which is probably out of scope for the JSR engine

In the meantime, I ended up forking scripting-commons and scripting-compiler to add a `List&lt;String&gt;` whitelist consisting of package/class names to the `CompiledScriptClassLoader`
It's not an optimal solution, but it gets the job done

`actualClassloader` is for internal use, but you can set `baseClassLoader` instead, no reflection is needed. You probably also want to set `loadDependencies` to false and manage dependencies manually in your classloader.