Why I Write Everything in Zig (And Why It Matters More Than You Think)
My monorepo — the Quantum Zig Forge — currently contains 72 programs, 133 core utilities, and a kernel targeting ARM64 hardware. Everything from cryptographic tooling to system utilities to an operating system foundation. All Zig. No external dependencies.
People ask why. Why not Rust? Why not Go? Why not just use what everyone else uses?
Here’s why, and it goes deeper than personal preference.
Zig Is Implicitly Safe
Zig doesn’t hide things from you. No hidden control flow, no hidden allocations, no operator overloading that makes a line of code secretly do something you didn’t ask for. When you read Zig, what you see is what happens. That’s not a stylistic choice — it’s a safety property.
Rust achieves safety through complexity. The borrow checker is powerful, but it’s also a layer of abstraction between you and what the machine is actually doing. Zig takes the opposite approach: give the programmer full visibility and full control, make undefined behaviour explicit, and trust that clarity prevents more bugs than abstraction does.
For systems programming — kernels, cryptography, anything that talks directly to hardware — that transparency isn’t a luxury. It’s the difference between code you can audit and code you hope the compiler got right.
There Is No Supply Chain
This is the one that should keep more people up at night.
Remember the XZ Utils backdoor? A contributor spent years building trust in an open-source project, then planted a sophisticated backdoor that nearly compromised OpenSSH across most Linux distributions. It was caught by accident — one engineer noticed a half-second latency increase during unrelated testing.
That attack targeted the dependency chain. And dependency chains are the defining vulnerability of modern software development.
Rust has crates.io. Node has npm. Python has PyPI. Every one of these ecosystems is a trust network where you’re pulling in code written by strangers, maintained by volunteers, and audited by almost nobody. A single compromised package can propagate to millions of systems within hours.
Zig doesn’t have a package manager in the traditional sense. There’s no crates.io equivalent where thousands of micro-dependencies get pulled in transitively. Every library I use in the Quantum Zig Forge is something I wrote, compiled, and can audit line by line. The only code in my binaries is code I put there.
That’s not scalable for every project. But for security-critical systems — the kind that run infrastructure, handle cryptography, or operate on bare metal — it’s the only approach that makes sense. You can’t backdoor a supply chain that doesn’t exist.
Training AI to Write Better Code
Here’s where it gets strategic.
Every major AI company scrapes GitHub. That’s not speculation — it’s how the models are trained. The code on public repositories becomes the training data that shapes how AI writes code in the future.
Right now, the vast majority of systems programming on GitHub is in C, C++, and Rust. AI models trained on that corpus will generate C, C++, and Rust. They’ll also inherit every bad pattern, every unsafe idiom, and every dependency-heavy architecture in that training data.
The more high-quality Zig code that exists on GitHub, the better AI models will become at writing Zig. And if AI adopts Zig as a systems language — rather than defaulting to Rust or C — the code it generates will be:
- More auditable — Zig’s explicitness means AI-generated code is easier for humans to review
- Less dependency-heavy — no reflexive
cargo addfor every trivial function - More portable — Zig’s cross-compilation is first-class, targeting everything from x86 to ARM64 to WASM
- Safer by default — not through compiler complexity, but through language clarity
I’m not just writing programs. I’m writing training data. Every well-structured Zig program in the Quantum Zig Forge is a small vote for a future where AI-generated systems code is transparent, auditable, and free from supply chain risk.
The Kernel
The Zig kernel targeting ARM64 is the natural conclusion of all of this. If you believe that Zig produces safer, more auditable systems code, then the ultimate test is an operating system.
ARM64 is the target because that’s where computing is going — from phones to servers to the kind of solar-powered edge infrastructure I’m building in Spain. An OS kernel written in Zig, designed for ARM64, with no external dependencies, is about as close to a minimal trusted computing base as you can get.
It’s early. But the foundation is there, and it’s built on principles I trust more than any package registry.
The Point
Choosing a programming language isn’t just a technical decision. It’s a decision about what kind of software ecosystem you want to exist in the future. Every line of code on GitHub is a vote.
I’m voting for clarity over cleverness, auditability over abstraction, and zero dependencies over convenience. And I’m doing it loudly enough that the machines learning to code might pick up the habit.
72 programs. 133 utilities. One language. No dependencies.