codeql
JS: Improve detection of classes with escaping instances
A class was erroneously considered to escape into client code if it escaped into an upstream library:
```js
class A {}
module.exports = new A(); // Correct: escapes downstream

class B {}
require('foo')(new B()); // Wrong: escapes upstream, does not need a synthetic name
```