diff --git a/packages/sbom-tools/src/production-deps.ts b/packages/sbom-tools/src/production-deps.ts
index 7b337aa9..2ccd0713 100644
--- a/packages/sbom-tools/src/production-deps.ts
+++ b/packages/sbom-tools/src/production-deps.ts
@@ -73,7 +73,7 @@ export function findAllProdDepsTreeLocations(from = process.cwd()): string[] {
 ...Object.keys(optionalDependencies),
 ].forEach((dep) => {
 try {
- const depLocation = findPackageLocation(dep, from);
+ const depLocation = findPackageLocation(dep, packageLocation);
 if (depLocation) {
 allLocations.add(depLocation);
diff --git a/packages/sbom-tools/src/webpack-dependencies-plugin.spec.ts b/packages/sbom-tools/src/webpack-dependencies-plugin.spec.ts
index d66734bf..f35b618f 100644
--- a/packages/sbom-tools/src/webpack-dependencies-plugin.spec.ts
+++ b/packages/sbom-tools/src/webpack-dependencies-plugin.spec.ts
@@ -185,6 +185,7 @@ describe('WebpackDependenciesPlugin', function () {
 version: '0.1.0',
 dependencies: {
 pkg2: '^0.1.0',
+ pkg4: '^1.2.3',
 },
 }),
 'node_modules/pkg1/index.js': '',
@@ -206,6 +207,16 @@ describe('WebpackDependenciesPlugin', function () {
 version: '0.1.0',
 }),
 'node_modules/pkg3/index.js': '',
+ 'node_modules/pkg4/package.json': JSON.stringify({
+ name: 'pkg4',
+ version: '1.2.4', // should be ignored in favor of nested one
+ }),
+ 'node_modules/pkg4/index.js': '',
+ 'node_modules/pkg1/node_modules/pkg4/package.json': JSON.stringify({
+ name: 'pkg4',
+ version: '1.2.5',
+ }),
+ 'node_modules/pkg1/node_modules/pkg4/index.js': '',
 };
 const dependencies = await runPlugin(structure, {
@@ -233,6 +244,11 @@ describe('WebpackDependenciesPlugin', function () {
 name: 'pkg3',
 version: '0.1.0',
 },
+ {
+ licenseFiles: [],
+ name: 'pkg4',
+ version: '1.2.5',
+ },
 ]);
 });
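Review bot: The changed call `findPackageLocation(dep, packageLocation)` in the `@@ -73,7 +73,7 @@` hunk should carry a comment explaining why resolution starts at the declaring package, because the difference from `from` is a single identifier and it decides which version of a dependency the SBOM reports. I would add `// Resolve from the package that declares the dependency, so a nested node_modules copy is picked over a hoisted one.` directly above it. The `try` opened just before this line closes outside the hunk; if its `catch` discards the error, a dependency that does not resolve from `packageLocation` would be left out of the SBOM with no signal, which matters for vulnerability matching and is worth confirming. `packageLocation` itself is defined outside the hunk, so whether it holds a directory or a `package.json` path cannot be checked from here.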
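Review bot: The fixture added in the `@@ -206,6 +207,16 @@` hunk only covers the case where the hoisted `pkg4` 1.2.4 has no consumer, so the expectation in the `@@ -233,6 +244,11 @@` hunk pins "nested copy wins" but not "both copies are reported when both are in use". For an SBOM the second case is the one that can hide a vulnerable version, so a sibling test in which another bundled package resolves `pkg4` from the top-level `node_modules`, and the result is expected to list both 1.2.4 and 1.2.5, would be worth adding. Whether the plugin is meant to emit the same name twice with different versions is not visible in these hunks, so that should be confirmed first. The test case containing these hunks starts and ends outside them.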