You can pretend there's no difference between this and a computer virus, but there clearly is.
The users of this software pull it, explicitly, voluntarily. The author says it doesn't serve any particular purpose, and in using it you understand that. the software itself did nothing malicious, it just stopped working. It's not the same thing as slapping a license on a computer virus and forcibly foisting it onto an unwitting victim. It's not naive legalese loophole workaround thinking. When you choose to use the software you agree to abide by the license, which includes no promise of utility whatsoever.
Those seem like different things since a computer virus "user" never consents to or accepts the license, whereas someone importing the library into their package.json has.
Eh, just write in the EULA exactly what your virus will do and that they have no warranty, bundle it as an add-on a la toolbar bundling in the 00s, and bam, you've got the user's consent to do anything!
> No warranty means he isn't liable for any behavior of the software at all.
Somebody should tell all those computer virus authors, all they had to do was not include a warranty, and they're untouchable!