Not really a solution to this problem, but more of a damage control thought... Is there a way to run dependencies of dependencies in some kind of a restricted sandbox environment, where HTTP requests and access to DOM are intercepted, and only whitelisted dependencies get that kind of access? Is it possible to create a scope with fake window and document objects for those dependencies, from which they cannot break out?
If it's possible I guess webpack or whatever is bundling the JS would have to take care of that sandboxing?
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.