Well, I wrote thing to check if base64 is canonical is-canonical-base64 it seems this got caught in a new npm spam filter... I did manage to find this blog post but I don't understand why it denied is-canonical-base64 because it accepted iscanonicalbase64 (without punctuation)

hmm, also good news: I notice that ssb-ref already enforces canonical base64 on identifiers - because the tests have fixed numbers on the length of the ids (although not signatures or encrypted content currently)