By ByteBot
Fabrice Bellard—creator of QEMU and FFmpeg—released MicroQuickJS on December 22, 2025, a JavaScript engine that runs on just 10kB of RAM with 100kB total ROM footprint. The release topped Hacker News with 1,366 points and 515 comments within 48 hours. This isn’t hype—it’s JavaScript conquering embedded systems, the last hardware frontier where it was previously impossible due to memory constraints.
The 10kB Breakthrough That Changes Everything
MicroQuickJS runs JavaScript programs using as little as 10kB of RAM and requires only 100kB of ROM (ARM Thumb-2 code) including the C library. That’s a 4x reduction from Duktape (~40kB RAM) and puts it in the same weight class as Samsung’s JerryScript (<8kB RAM). The technical innovations enabling this footprint include a tracing garbage collector with memory compaction, stack-independent VM architecture for predictable memory usage, bytecode that executes directly from ROM without decompression, and UTF-8 string storage internally.
Moreover, MicroQuickJS implements a strict JavaScript subset close to ES5, forbidding error-prone or memory-inefficient constructs that bloat traditional engines like V8 or SpiderMonkey. This isn’t a dumbed-down toy—Simon Willison’s technical analysis confirms performance comparable to full QuickJS despite the drastic size reduction.
The sweet spot? Modern microcontrollers like ESP32 and ARM Cortex-M series typically have 10-100kB of RAM available. Bellard threaded the needle between JerryScript (smallest but feature-limited) and Duktape (more features but 4x larger). JavaScript is now viable on the exact hardware class powering IoT sensors, robotics platforms, and edge computing nodes.
Bellard’s Legendary Track Record Validates the Bet
Fabrice Bellard is the developer behind QEMU (virtualization standard), FFmpeg (video processing used by billions daily), JSLinux (ran Linux in a browser in 2011), TinyCC (tiny C compiler), and set the world record for calculating Pi to 2.7 trillion digits using his own algorithm. He won the International Obfuscated C Code Contest three times. When Bellard releases something, developers pay attention.
Redis creator Antirez (Salvatore Sanfilippo) commented on Hacker News: “Had MicroQuickJS existed in 2010, Redis scripting would have been JavaScript and not Lua. I selected Lua based on implementation requirements, not on the language ones.” This is the critical insight: Lua dominated embedded systems for 30+ years not because it’s superior to JavaScript, but because JavaScript engines couldn’t fit in constrained memory. MicroQuickJS changes that calculus.
Furthermore, HashiCorp founder Mitchell Hashimoto said: “Fabrice Bellard is an absolute phenom. For those who don’t know, he created FFmpeg and Qemu. He has like a dozen+ other accomplishments that are overshadowed by ‘created FFmpeg and Qemu’ but on their own are unbelievably amazing achievements.” Bellard’s reputation provides instant credibility. QEMU and FFmpeg became foundational infrastructure used daily by millions. Developers trust his work because it lasts.
Security-First Design Solves IoT’s Nightmare
MicroQuickJS is designed from the ground up for safely executing untrusted code on embedded devices. It provides built-in memory and CPU limits, no filesystem or network primitives, and regex attack prevention through interrupt handlers even during pathological backtracking. IoT devices are notorious security risks—the ability to run user-provided scripts safely (like IoT app stores, configurable sensors, or edge computing nodes) without risking device compromise is a genuine breakthrough.
Simon Willison’s analysis: “MicroQuickJS is a solid new entrant in robust sandboxing solutions, combining tiny footprint with excellent security properties and distinguished authorship.” His testing demonstrated WebAssembly portability: MicroQuickJS compiles to 303 KB (120 KB transferred) versus QuickJS’s 2.28 MB—a 7.5x size reduction. He successfully built bindings for Node.js, Deno, and Pyodide environments.
The sandboxing capabilities position MicroQuickJS as the embedded equivalent of browser JavaScript’s security model. Edge nodes can process data locally before cloud upload, running transformation scripts in isolated contexts. Smart sensors can execute configuration logic without firmware reflashing. IoT platforms can host app marketplaces where third-party code runs safely on constrained hardware.
Perfect Timing for the Embedded Systems Resurgence
The IoT MCU market reached $23.2 billion in 2024 and is projected to grow to $29.4 billion by 2030 (3.9% CAGR). Connected IoT devices will exceed 27 billion by 2025. The edge computing market will grow from $168.40 billion in 2025 to $248.96 billion by 2030 (8.1% CAGR). Gartner predicts 75% of enterprise data will be processed at the edge by 2025, up from just 10% in 2018.
MicroQuickJS arrives at the exact moment embedded systems are exploding in scale but face a developer shortage. C-only embedded programming creates a talent bottleneck—web developers outnumber embedded C developers by orders of magnitude. JavaScript democratizes embedded development the same way Node.js democratized server-side programming in 2009: by expanding the talent pool to include the millions who already know the language.
The market dynamics favor JavaScript despite Lua’s technical advantages (tail call optimization, LuaJIT’s exceptional performance). Hacker News discussions acknowledged Lua’s strengths, but JavaScript’s familiarity and ecosystem size could overcome technical inferiority through sheer adoption—exactly what happened with Node.js beating more efficient server-side alternatives.
Key Takeaways
- MicroQuickJS brings JavaScript to 10kB RAM embedded systems (IoT devices, robotics, microcontrollers) where it was previously impossible due to memory constraints
- Fabrice Bellard’s track record (QEMU, FFmpeg creator) provides instant credibility; Redis creator confirmed he would’ve chosen JavaScript over Lua if MicroQuickJS existed in 2010
- Security-first design (built-in memory/CPU limits, no filesystem/network, regex attack prevention) solves IoT’s untrusted code execution nightmare
- Market timing is perfect: $29.4B IoT MCU market by 2030, 27B connected devices, 75% of enterprise data at edge—JavaScript expands the constrained developer talent pool
- Too early for production (released 3 days ago), but watch for hobbyist adoption on Arduino/ESP32 within 6 months, potential enterprise pilots within 12 months if Bellard commits to maintenance
