The proper way to do it, would be to have an industry standard on the default things people blindly but massivly pull through dependencies.

I also don't get how code can be so massivly inefficient. left-pad needs 9kb to download and the code is a handful of lines: https://www.npmjs.com/package/left-pad?activeTab=code

If my unit tests run through, i don't have 'unproven' code. I have well working code which doesn't need to go through a dependency hell upgrade cycle just because one function in that lib, i don't use, has some CVE too high to be ignored.