@cel So is ssb-ooo a mechanism for a blobs-like replication of individual messages?
Yes
Unknown integrity string: sha256-/xm5O/jeBb6n6mvwXSa6RiJirWPVAPX+Eu9bGnF14HM=
I'm not sure what to do about that... I think the string is a valid SSRI string.
but looks like you got it working in %1fxInGT... maybe?
ssb-npm's shasum strings are compatible only with npm 5 and up.
It should work with npm < 5, as it detects those versions to give them a sha1 (by fetching the tarball to calculate the shasum on-the-fly, or using the sha1 that newer ssb-npm-registry versions include in the publish message); if not, that is a bug.
the message id is the key of the npm publish for that package (in your example case patchfoo), right?
Yes