
>Make it public policy that license contracts cannot override those responsibilities.

This would be a disaster for open source. Who wants to write software for free if you can get sued for a bug?



Make it only apply to paid software or that used commercially. Then, you get what you pay for more often. ;)

Also, the liability of companies pushing open-source software for commercial use might be a way to get contributions to it improving quality. The companies can get sued. They're financially benefiting from it. So, they might invest some money into companies developing the code to make sure it meets whatever the standard is. It's not the best incentive structure, but it's an incentive structure. Right now, most can freeload off code which also might be shoddy enough to affect their users.


It might work to put the onus on those deploying the software. You can still freely publish what you want because free speech, and the legal responsibility starts exactly where it should: when the bugs have a chance to hurt someone other than the deployer. Said deployers, however, will be more highly motivated to ensure their software is secure, and will probably wind up with some sort of homegrown software certification process.


Quite the opposite. If you give a product for free you cannot be fined for it, obviously.

Yet, open source can be vetted, and people can be paid to review and vet software.

Debian developers review software before uploading it and often do additional work on hardening it.

The distribution then freezes to ensure maturity, let people discover vulnerabilities and backport fixes.

https://www.cip-project.org/ builds from Debian and goes even further by supporting releases for decades.


If it helps clean up the npm ecosystem mess, would that really be a bad thing?


I think it's implicit in that proposal that the amount of software available would massively decrease. That's not necessarily a bad thing.


I think that's a ridiculous statement. Should we also limit how many books are written and who can write them?

What is the difference?


If you buy a book and it turns out to be trash, is that negligence on the part of the author? Is your safety at risk because of it?

You could maybe argue that this is true for textbooks, but not much else.



