Modern programming languages don't exist in a vacuum, they are tied to the existing codebase and libraries.

Sort of, but I don't really buy this argument. Someone could go and write the "missing JS stdlib" library that has no dependencies of its own. They could adopt release policies that reduce the risk of successful supply chain attacks. Other people could depend on it and not suffer deep dependency trees.

JS library authors in general could decide to write their own (or carefully copy-paste from libraries) utility functions for things rather than depend on a huge mess of packages. This isn't always a great path; obviously reinventing the wheel can come with its own problems.

So yes, I'd agree that the ecosystem encourages JS/TS developers to make use of the existing set of libraries and packages with deep dependency trees, but no one is holding a gun to anyone's head. There are other ways to do it.

Whatever you're trying to say, you aren't.

Maybe the language should have a standard library then.

C library is smaller than Node.js (you won’t have HTTP). What C have is much more respectable libraries. If you add libcurl or freetype to your project, it won’t pull the whole jungle with them.

What C doesn't have is an agreed-upon standard package manager. Which means that any dependency - including transitive ones! - requires some effort on behalf of the developer to add to the build. And that, in turn, puts pressure on library authors to avoid dependencies other than a few well-established libraries (like libpng or GLib),

You can add curl to a Rust project too.

But why, when reqwest is enough for 99% of cases.

Because it requires using async, and for most programs async is not worth the extra effort (plus very heavy dependency in the form of Tokio).

It requires Tokio, and believe it or not there are actual cases for non-async rust. So you can't use it in that case.

It's bloated.