What the others wrote. Especially as node.js is a software ecosystem with an abysmal security track record.

unused software has no place on a production server

Very recently, node.js and laravel were added. I have no use for either of them.

They are just bloatware and cannot be removed cleanly. This is unhealthy!

They increase the complexity and attack surface of my server as well as the cognitive load of my brain.

For every new "default" extension, I have no way to tell whether Plesk or some other installed software might need them now or in the future, and there is a risk that attempting to remove the bloatware might backfire at some point.

We're running a web hosting service in the public sector for our university (hosting campus sites). We need to be able to proactively review, test, and install additional features per our change process and data security requirements.

For example: The SiteJet Builder extension takes customers to an external, third-party platform where they build their site. And while the site content (including files) is copied back to Plesk to be served locally, it's also backed to an external CDN that we have no insight into or control over.

So under our data security policies, we would not have offered that extension to our users.

However, Sitejet was pushed as a "core" feature and auto-installed, which caused confusion and forced us to make an urgent change to blacklist and remove it.

As a result, our confidence and trust in Plesk as a vendor that can work with common cross-industry business requirements has weakened.

None of these new, auto-installed extensions can be considered "core", and it's not reasonable to ask server administrators to know in advance that they need to update their server configuration files to block new extensions from being installed.

Instead, finding ways to communicate, showcase, and highlight new products in the ecosystem would be better.

Along with the feature showcase and offering demos, extension behaviors also should be better-documented, especially in regards to their security. If an extension shares data with a third-party, that needs to be clearly communicated and defined.

I also like to have more control about enabling new features.

TL;DR: This is a feature request for adding a feature wizard/showcase (for lack of a better name) to Plesk. Something that simply let's administrators choose whether they want to enable the new features that have become available when a Plesk update has been installed.

Detailed use case:
Currently, often new features are enabled by default when a Plesk update gets installed on existing Plesk installations. This is not always desirable and can cause confusion with Plesk server administrators. For example administrators might not want to enable new features directly as they become available because they want to familiarize themself with the feature first. Which might take them some time. 

I am sure that many Plesk administrators will have a bit more "peace of mind" when they have the option to choose which new features they want to enable after a Plesk update. It gives administrators more control over their Plesk installation and tailor it to their own needs.

The added benefit here, is that this way administrators are much more aware of new features are available too. Basically showcasing Plesk's hard work. Because I assume that not everybody reads the change log regularly.