Not really, except for a few researchy object capability based systems. (This is kind of the promise of ocap systems: functions you call can only use what they're given and nothing more.)
If you don't trust a library, you can run it in a separate sandboxed process (or app domain, or wasm container, or whatever your language provides).
If you don't trust a library, you can run it in a separate sandboxed process (or app domain, or wasm container, or whatever your language provides).