>What makes it impossible for KeePass access tools to have these issues?

the superiority of keepass users scares away the bad actors

> I don't understand how this solves the issue in this case.

I'd say since it is a local only tool, you don't really need to update it constantly provided you are a sane person that don't use a browser extension. It makes it easier to audit and yourself less at risk of having your tool compromised.

It doesn't have to be keypass though, it can be any local password management tool like pass[1] or its guis or simply a local encrypted file.

[1] https://www.passwordstore.org/

It's not impossible, but most KeePass tools are written in sane languages and built with sane tooling, and don't use trash like Javascript and npm. Of course I'm not considering browser extensions or exclusive web-clients, but the main KeePass client has a good autotype system, so you don't really need to use the browser extension.

In any case, the fact that the official BitWarden client (which uses Electron btw) and even the CLI is written in Javascript/Typescript - should tell you everything you need to know about their coding expertise and security posture.