ssbc / ssb-meta-feeds


Add test for branchStream root opt #122

Open Powersource opened 1 year ago

Powersource commented 1 year ago

fixes https://github.com/ssbc/ssb-meta-feeds/issues/114

socket-security[bot] commented 1 year ago

New dependency changes detected.


🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore blake3@2.1.7
  • @SocketSecurity ignore ssb-buttwoo@0.3.3
  • @SocketSecurity ignore ssb-classic@1.1.0
  • @SocketSecurity ignore ssb-db2@6.3.3
  • @SocketSecurity ignore ssb-index-feeds@0.10.2
  • @SocketSecurity ignore ssb-network-errors@1.0.1
  • @SocketSecurity ignore ssb-subset-ql@1.0.1

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

| Package | Script field | Source |
|---|---|---|
| blake3@2.1.7 (added) | install | package.json via ssb-ebt@9.1.2 |

⚠️ Deprecated license

License is deprecated which may have legal implications regarding the package's use.

Update or change the license to a well-known or updated license.

| Package | License | Source |
|---|---|---|
| ssb-buttwoo@0.3.3 (added) | LGPL-3.0 | package.json via ssb-ebt@9.1.2 |
| ssb-classic@1.1.0 (added) | LGPL-3.0 | package.json via ssb-db2@6.3.3, ssb-ebt@9.1.2 |
| ssb-db2@6.3.3 (added) | LGPL-3.0 | package.json via ssb-ebt@9.1.2 |
| ssb-index-feeds@0.10.2 (added) | LGPL-3.0 | package.json via ssb-ebt@9.1.2 |
| ssb-network-errors@1.0.1 (added) | LGPL-3.0 | package.json via ssb-ebt@9.1.2 |
| ssb-subset-ql@1.0.1 (added) | LGPL-3.0 | package.json via ssb-ebt@9.1.2 |

Pull request alert summary

| Issue | Status |
|---|---|
| Install scripts | ⚠️ 1 issue |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Deprecated license | ⚠️ 6 issues |
| Missing license | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |

📊 Modified Dependency Overview:

| ➕ Added Package | Capability Access | +/- Transitive Count | Publisher |
|---|---|---|---|
| pull-many@1.0.9 | None | +0 | dominictarr |
| ssb-ebt@9.1.2 | network, environment | +10 | staltz |

Powersource commented 1 year ago

Anyone want to adopt this PR? It seems I won't need it for my tribes2 PR @arj03 @mixmix @staltz