Making commercial vendors who rely on open source software liable for bugs is fantastic news, that's how it always should have been. You can't have a commercial company throw their hands up and say "well github.com/cutefuzzypuppy is at fault for writing an open-source npm package we used so harm to our customers is not our fault!"
> "whether “open source” is exempt from liability in a law designed to protect consumers. So far the answer is “probably not?” Exemption means consumers bear the cost – exactly what the law is trying to change. Perhaps if the open source in question remains an academic or research tool, versus reaching consumers, we’re okay? The proof may come when the first consumer demands compensation, and the courts step in.