Version
30.3.0
Steps to reproduce
Create a new Node.js project
Install Jest:
npm install jest
Add override in package.json:
{
"overrides": {
"picomatch": "4.0.4"
}
}
Run:
npm install
Check:
npm ls picomatch
Expected behavior
picomatch should resolve to version 4.0.4 as defined in overrides.
Actual behavior
picomatch resolves to version 4.0.3 via:
jest → jest-haste-map → micromatch → picomatch
Overrides are not consistently applied.
Additional context
Reproduced in multiple projects
Node.js: v22.x
npm: v10.x
OS: Windows
CI: Jenkins
This is impacting vulnerability scans (Harbor/Trivy), which require picomatch >= 4.0.4.
Environment
System:
OS: Windows 11 10.0.26100
CPU: (8) x64 Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
Binaries:
Node: 22.17.1 - C:\Program Files\nodejs\node.EXE
npm: 10.9.2 - C:\Program Files\nodejs\npm.CMD
npmPackages:
jest: ^30.3.0 => 30.3.0
Version
30.3.0
Steps to reproduce
Create a new Node.js project
Install Jest:
npm install jest
Add override in package.json:
{
"overrides": {
"picomatch": "4.0.4"
}
}
Run:
npm install
Check:
npm ls picomatch
Expected behavior
picomatch should resolve to version 4.0.4 as defined in overrides.
Actual behavior
picomatch resolves to version 4.0.3 via:
jest → jest-haste-map → micromatch → picomatch
Overrides are not consistently applied.
Additional context
Reproduced in multiple projects
Node.js: v22.x
npm: v10.x
OS: Windows
CI: Jenkins
This is impacting vulnerability scans (Harbor/Trivy), which require picomatch >= 4.0.4.
Environment
System: OS: Windows 11 10.0.26100 CPU: (8) x64 Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz Binaries: Node: 22.17.1 - C:\Program Files\nodejs\node.EXE npm: 10.9.2 - C:\Program Files\nodejs\npm.CMD npmPackages: jest: ^30.3.0 => 30.3.0