Etherpad dependencies take 23 seconds, metrics plugin 32. It installs 158 packages, introduces 11 security issues in the dependencies (0 for Etherpad).
Finally, it uses deprecated Etherpad hooks and doesn't seem maintained.
The feature vs attack surface balance isn't good.
As said in IRC:
14:47:59 < Dereckson> (j'ai un doute pour ep_ether-o-meter après relecture du package.json, je me demande si ce n'est simplement à ce moment là que npm audit s'est réveillé)
14:49:44 < Dereckson> Je soupçonne que npm install <plugin> prend les dépendances de dev d'Etherpad aussi, alors que https://github.com/ether/etherpad-lite/blob/develop/src/bin/installDeps.sh utilise npm ci --no-optional
The deprecated issues stand.
In addition, there is a conflict of URL /metrics for this plugin and the Prometheus plugin.