People are just npm installing whatever without
even checking the github stars or usage; not that that says anything but not
even that. As a bare minimum devs should check if their libraries have robust testing, are maintained by people who have the time to do so etc. A lot of open source libraries are really bad and if you are building commercial (packaged / saas, doesn't matter) software on top of that, you definitely should be held liable if that causes harm. This lazy behaviour should end as it indeed
does cause horrible messes.
This over the top article is, I guess, pointing to open source software that's used by an individual directly from the source as an enduser and then causes harm, not to parts of commercial software that includes open source software when they talk about holding open source devs liable.