Social vicinity should not be strictly necessary to see dependencies for top-level packages published with ssb-npm-registry (as of %O47FRp6...). When a package is published with ssb-npm publish
or e.g. npm publish --registry=http://localhost:8043/
, the npm-packages
message should link, with the dependencyBranch
property, recursively, to a set of npm-packages
messages containing all needed dependencies for the published package, recursively. ssb-npm-registry
should make use of these links when resolving dependencies, so if the dependencies' authors' feeds are not available, the necessary messages are fetched by hash. So a message hash for the top-level package publish should be sufficient to get the dependencies, assuming you have the ssb-ooo
plugin and can get the necessary messages via ooo
replication.
Usage with ssb-npm-registry
:
Insert the URL-encoded message id after the registry base URL. Example:npm i patchfoo --registry=http://localhost:8043/%25uweCcGdDMrMr7B07OdOHXgWz7dtarAQw5mUIPqJ5KTc%3D.sha256
More info in the readme for ssb-npm-registry, under heading "Message scope": &fMbzp6T...