> OpenClaw and OpenCode are open source projects with zero warranty and nobody to sue if they have a npm Trojan in them

When has any technology company been sued for pushing accidental malware in their updates?

The reality is that you have never had anyone to sue.

So you don’t use any other open source software at all then?

The risk with OpenClaw et al isn't that the software itself is compromised. The risk is that what it does is fundamentally insecure and Claude Code isn't any better