If you’re looking for what could have been done to prevent this, look no farther than this bit of…
Tyler Mullins
561

It’s not ‘business’ if you’re not getting paid.

It is, however, assholishness to expect *any* package you’re not personally paying for support on to come as anything other than ‘as-is’ ‘no warranty’ ‘caveat downloader’.

I hope you enjoy negotiating a license for each and every one of your 1000 NPM dependencies in a few years, because that’s where entitled attitudes like yours are driving things.