> I'm skeptical about the runtime providing such APIs. As Ruby on Rails does well, these are issues that should be handled by the framework, not the runtime.

Well there's no Rails for JS and in case you're not aware there's an absolute security disaster going on with NPM.

For a typical Node project dozens if not hundreds of dependencies need to be used. Eg Platformatic needs 258 dependencies of which 97 depend on a single maintainer.

https://npmgraph.js.org/?q=platformatic#zoom=h

You only need a single dependency to become compromised. And as anyone who has maintained a Node app knows, with all those dependencies you're like 5 mins away from an incompat issue.

Maybe another solution would be for the runtime to provide like a versioned standard suite of deps that matches the runtime version. So these are secure and fully compatible with the runtime and with each other.