I've built https://bundlescanner.com which is similar what you're describing. It has indexed 35,000 of the most popular npm packages. However, it is not accurate enough to reliably identify which specific version of a package is present in a js bundle.
I'd be curious to hear if anyone can think of possible applications of it in security auditing.
I'd be curious to hear if anyone can think of possible applications of it in security auditing.