alt Hacker NewsAgents can clearly strip out functionality from libraries already. They can certainly backport patches to whatever parts you strip out.
The advantage of decoupling from supply chain attacks is so large that I expect this to be standard practice as soon as later this year.
Agents can read the binary that makes up a compiled file and detect behavior directly from that. I've been doing it to inspect my own builds for the presence of a feature.