The BGB (German civil code) looks to have similar:

> Section 276(3): The obligor may not be released in advance from liability for intent

German law is if anything stronger on this point. A maintainer intentionally shipping malware-like behaviour in their project is definitely Vorsatz oder grobe Fahrlässigkeit

In their mind the USA=the default country=the world