Yes, but if you take the very useful NoScript, a typical website calls on 8-10 js domains.
It's not always clear what scripts are need-to-have vs eye candy/ad serving. Then, as you enable some, they in turn want to load more.
Obfuscated urls may look malicious but often are just how CDNs work.
(not to mention js-only sites that render nothing until enabled)
It's a massive obnoxious mess and often results in me leaving a site on arrival.
In addition to checking vs last-seen versions, as suggested here, maybe it's time browsers/plugins look at behavior and profile of scripts, including stuff like api calls being made, cpu use and clipboard access. Known-good script hash checks vs a central registry. Possibly uploading never seen code up for analysis.
No need for the equivalent of flashlight apps accessing contacts, for example.
I don't see this as a JS fail per se - any language holding its role in our current web architecture would cause this. But our trust model feels a lot like when we were sending each other EXEs with funny contents in the mid 90s. I don't see it lasting another 20 years.