Hacker News

catapart last Tuesday at 2:41 PM

I mostly do front-end work, so I get why you would default to CDNs - it's more likely that users ALREADY have that CDN link downloaded and cached on their machine than not. It's absolutely an upgrade for 99.9% of most use cases.

Here, on the other hand, you are trying for peak privacy, though, so the situation reverses. Every single third-party request is a potential attack vector. Contrary to general best practices, you would want to force yourself to include every CDN package unless there was some MASSIVE benefit to excluding them (and disabling the utility that relies on it), like hundreds of MBs of data for a rarely-used utility, or something that you wouldn't want to force on the majority of users.

That aside, I really appreciate this collection! Local first will always be preferred to server apps as far as I'm concerned, so this is fantastic!


Replies

toastal last Tuesday at 3:56 PM

> it's more likely that users ALREADY have that CDN link downloaded and cached on their machine than not

This isn’t how it’s worked for years. Browsers isolate assets like this to mitigate fingerprinting, which renders the whole concept of use-CDN-since-it’ll-be-cached moot.