Social vicinity should not be strictly necessary to see dependencies for top-level packages published with ssb-npm-registry (as of %O47FRp6...). When a package is published with ssb-npm publish or e.g. npm publish --registry=http://localhost:8043/, the npm-packages message should link, with the dependencyBranch property, recursively, to a set of npm-packages messages containing all needed dependencies for the published package, recursively. ssb-npm-registry should make use of these links when resolving dependencies, so if the dependencies' authors' feeds are not available, the necessary messages are fetched by hash. So a message hash for the top-level package publish should be sufficient to get the dependencies, assuming you have the ssb-ooo plugin and can get the necessary messages via ooo replication.

Usage with ssb-npm-registry:
Insert the URL-encoded message id after the registry base URL. Example:
npm i patchfoo --registry=http://localhost:8043/%25uweCcGdDMrMr7B07OdOHXgWz7dtarAQw5mUIPqJ5KTc%3D.sha256
More info in the readme for ssb-npm-registry, under heading "Message scope": &fMbzp6T...