[bryanrasmussen]

>If they want to publish their upstream as malware, okay.

I think you'll find that argument will not be very persuasive to a judge if the case is that the author of the software knowingly adds code in after people have integrated it into their systems that on purpose damages those systems.

Intention will often carry weight, and no claiming of rights and purity and see I wrote here you can't do anything to me! is going to persuade a judge that you can just go around destroying property because you want to.

[isitmadeofglass]

If you sign a contract stating that you get 10k and in return I get to destroy your property. A judge is not very likely to enforce the payment but state that I should not destroy your property “because obviously thats not something you would like”

The license grants you usage but you agree to no responsibility for damages. You can’t cherry pick half of it, that defies the entire point of a license. The fact that you’d like to both Ear your cake and have it to does not have any weight in court.

[rcxdude]

Licenses aren't contracts, and more to the point, licenses grant you the right to copy or distribute the software, you do not need to agree to them for use (this is a very common misconception). You have the right to use the software if you have been given a copy by someone with the right to distribute the software, unless you have signed a contract with them stating otherwise (EULAs and other such attempts to force a one-sided contract onto users generally have little weight in court).

[uwuemu]

People are so clueless about law, this comment is a great example. A licence is worth jack shit in a criminal case (which this would be, if prosecuted).

[urthor]

Agree with this.

I think the difference is between sharing the code and pushing dodgy code down into npm. Which is my misunderstanding.

Pushing this dodgy code down to end users in Russia/Ukraine is a cyberattack.