I created an ESLint plugin to warn developers when they import vulnerable dependencies in a project. It is smart enough to detect vulnerable methods rather than flagging entire import. For example, if only a few methods in a library are vulnerable, the ESLint plugin only throws an error if these methods are imported. What do you think about this?