turtleyacht 14 hours ago

For reducing external dependencies, it would be nice to somehow know every call made to a package, generating the call tree to replace. That becomes the API of the internal, replacement package.

zenmac 13 hours ago | parent | next [-]

You mean this: https://npmgraph.js.org

privatelypublic 14 hours ago | parent | prev [-]

Not sure that's possible with JS.

cj 11 hours ago | parent [-]

You could theoretically overwrite the public functions of a module, inject some logging code, then execute the originally intended function when it's called with ".apply()" and passing the original arguments in.

That might get you part of the way there.
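
The wrap-and-forward approach described above, as an added example that is not any commenter's code: each function-valued export of a dependency is replaced by a shim that records the call and then forwards it with `Function.prototype.apply`, and the resulting log is reduced to the set of exports the application actually used. The `makeDep` module is a constructed stand-in for a third-party package, and `runApp` is constructed consumer code, so the file runs offline; the `total` export deliberately calls module-private functions to show the limit of this technique.

```javascript
// Added example: log every call that goes through a module's exports
// object, then forward it unchanged. The dependency and the consumer
// below are constructed for the example, not taken from a real package.

function makeDep() {
  // Module-private references: calls between these never go through the
  // exports object, so an export-level wrapper cannot observe them.
  const parse = (s) => s.split(',').map(Number);
  const sum = (xs) => xs.reduce((a, b) => a + b, 0);
  return {
    parse,
    sum,
    total: (s) => sum(parse(s)),       // uses the internals directly
    unusedHelper: () => 'never called',
  };
}

// Replace each function-valued export with a logging shim that records
// the call and passes the original arguments (and `this`) straight through.
function instrument(mod, modName, log) {
  for (const key of Object.keys(mod)) {
    const original = mod[key];
    if (typeof original !== 'function') continue;
    mod[key] = function (...args) {
      log.push({ module: modName, fn: key, argc: args.length });
      return original.apply(this, args);
    };
  }
  return mod;
}

// Exports that were never hit: surface a replacement package need not offer.
function unusedExports(mod, log) {
  const seen = new Set(log.map((e) => e.fn));
  return Object.keys(mod).filter(
    (k) => typeof mod[k] === 'function' && !seen.has(k),
  );
}

function runApp() {
  const log = [];
  const dep = instrument(makeDep(), 'dep', log);
  // Constructed consumer code standing in for the application.
  const values = dep.parse('1,2,3');
  const s = dep.sum(values);
  const t = dep.total('4,5'); // logged as 'total' only; its inner parse/sum are invisible
  return {
    s,
    t,
    used: [...new Set(log.map((e) => e.fn))].sort(),
    unused: unusedExports(dep, log),
    log,
  };
}
```

What the log shows is the API surface reached through the exports object, which is exactly what a drop-in replacement has to provide. What it misses is also visible in the example: `dep.total` is recorded once, but the `parse` and `sum` it calls internally never appear, and the same blind spot applies to any reference a consumer captured before the wrap (a destructured `const { parse } = require(...)` evaluated earlier) or reaches by other means.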

privatelypublic 2 hours ago | parent [-]

I'm thinking evals and prototype overloading would make this a permanent cat-and-mouse game.

Frankly, I don't see how the node ecosystem can ever be secure. It's random-libraries all the way down. With half of them being useless frippery.

IMHO, WASM compiled from languages that have strong standard libraries is the way forward for security. And maybe Node will get fixed in 5-10 years.

A good example of a language going "this shouldn't be a library": .NET used to only have a third-party JSON parser (Newtonsoft), but Microsoft created a first-party JSON parser and deprecated Newtonsoft from their examples and templates.