>my repos have commits authored by Claude, Dependabot, GitHub Advanced Security Bot, Copilot, etc.

Unless you're using an enterprise license that indemnifies your liabilities, you're almost certainly breaking copyright law and your packages are unusable by any serious company as a dependency. Even permissive OSS licenses like MIT don't take effect since they're predicated on the author actually holding a valid copyright (which you don't if AI agents have committed to your repo, as affirmed by USCO).

We'll almost certainly have a situation where if an open-source repo has direct AI agent commits in its history, it will be just as untouchable for companies as GPL repos.