d2lang is a modern diagram scripting language that allows users to create diagrams just by writing text. It has gained popularity recently as an easy way to generate diagrams from code. However, some questions have emerged around the legality and safety of using this new language. This article will examine what d2lang is, its legal status, safety considerations, and conclude whether it is recommended for use.
What is d2lang?
d2lang is an open source diagramming language created by Oliver Evans. It is designed to allow users to create neat diagrams simply by specifying the contents in text, without having to use a graphical editor.
Some key features of d2lang include:
- Text-based syntax: Diagrams are described using plain text, making them easy to create, read, and store in version control.
- Generate from code: d2lang integrates with Go, allowing you to generate diagrams directly from your code.
- Parser with error handling: The d2lang parser can parse multiple errors in broken programs and provide helpful messaging.
- Auto-formatting: d2lang includes an autoformatter to keep code neatly formatted.
- Editor integrations: Editor plugins provide syntax highlighting and other features.
- Simple and minimalist: The language is designed to be simple and minimal. As the documentation states: “If it’s not simple, it’s wrong.”
- Focus on language tooling: d2lang focuses on providing a robust language with tooling rather than being a complex diagramming application.
In summary, d2lang makes it easy to generate diagrams from text or code in a simple and lightweight syntax. The language and tooling around it are the main highlights rather than extensive diagramming features.
Is d2lang Legal to Use?
When assessing whether a new software technology like d2lang is legal to use, two key considerations are copyright and licenses.
d2lang is an open source project covered by the BSD 3-clause license. This permissive license allows reuse of the open source d2lang code in both open source and proprietary software. The BSD license does not apply any restrictions on use cases.
As an open source project, d2lang is not infringing on any copyright. The codebase is publicly available and users are free to inspect, modify, and reuse it.
The d2lang license, BSD 3-clause, permits reuse in proprietary software provided the terms are met.
The key terms are:
- License and copyright notice must be included
- Disclaimer of warranty must be included
- Liability cannot be attributed to the authors
As long as you include the required notices and disclaimers when reusing d2lang, there are no licensing restrictions on its use. This applies to both open source and commercial use cases.
In summary, from a legal perspective, d2lang’s open source license permits reuse of the code in any application, open source or proprietary. There are no evident copyright or licensing issues with using d2lang.
Is d2lang Safe to Use?
When evaluating whether an open source language like d2lang is safe to use, some key considerations around maturity and security emerge:
As a relatively new language, d2lang has not yet seen extensive real-world testing. The number of users is still low compared to mainstream languages. This means bugs and quirks are still being discovered.
The language itself is still evolving and certain edge cases may not act as expected. Breaking changes between versions are also more likely with a language in active development.
For these reasons, it’s important to thoroughly test d2lang before using it for production systems where reliability and stability are critical. The bleeding edge nature of d2lang makes it less safe for scenarios like industrial systems or financial transactions.
Since d2lang processes arbitrary text or code to generate diagrams, validating inputs is important to avoid injection of malicious code. The d2lang documentation does warn about sanitizing user inputs when integrating with web applications.
Standard security best practices should be followed, such as:
- Input validation and sanitization
- Output encoding
- Permission checks
- Running with least privileges
There are no known specific security vulnerabilities currently discovered in d2 lang. However, its security has not yet been rigorously tested since it’s new.
In summary, while no specific security risks are currently known, d2 lang should be considered experimental from a security perspective until more thoroughly vetted.
Maturity and Stability
|Language||Release Year||GitHub Stars||Users||Stability|
d2lang shows promise as a simple and code-friendly way to generate diagrams. However, as a relatively new open source project, it lacks the maturity and stability of mainstream languages. From a legal perspective, its open source BSD license permits use in any application. But undetected bugs and security vulnerabilities are more likely given its early development stage.
For these reasons, we recommend proceeding with caution with d2 lang. Make sure to thoroughly test it for your use case and do not rely on it for production systems that demand stability. Monitor for security updates and breaking changes during upgrades. With these precautions, d2 lang can be safely used for prototypes and non-critical systems to evaluate if it’s a fit. But we do not recommend reliance on d2 lang yet where bugs or downtime would be very costly.
Is d2lang approved for use at my company?
You should check with your legal/compliance team whether open source software is approved for use. Ensure you follow all policies around licenses, copyrights, attribution and open source component approvals.
Can I use d2 lang commercially?
Yes, d2lang’s BSD open source license permits reuse in commercial products. Ensure you retain the required license notice as per the terms.
Does use of d2 lang require attribution?
The 3-clause BSD license requires retaining copyright notices and attribution to the authors. Make sure to retain notices where required.
Is d2lang safe for diagrams in medical devices?
No, we would strongly recommend against using the experimental d2 lang language for any diagrams in safety-critical medical devices at this stage. Use well-tested mature diagram software instead.
What security practices should I follow with d2lang?
Follow standard security best practices like input validation, output encoding, permissions checks, and principle of least privilege when integrating d2 lang.