I'd love to see a package repository where libraries had permissions like Android apps. It would simplify trusting obscure new libraries if I could see e.g. libfoo never accesses the network.