From c16dd4e46b58d6c4490284e6edc5c255862e322b Mon Sep 17 00:00:00 2001
From: s100 <shughes1@uk.ibm.com>
Date: Thu, 11 Apr 2024 17:17:57 +0100
Subject: [PATCH] docs: Document that overrides only work in the root
 `package.json` (#7367)

<!-- What / Why -->
<!-- Describe the request in detail. What it does and why it's being
changed. -->
Add documentation explaining that the `package.json` `"overrides"` field
only takes effect at the root `package.json` of a project. Most of this
text is copied from [the
RFC](https://github.com/npm/rfcs/blob/main/accepted/0036-overrides.md#only-root-package-may-contain-overrides)
which originally described this feature.

## References
Fixes #4517.
---
 docs/lib/content/configuring-npm/package-json.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/lib/content/configuring-npm/package-json.md b/docs/lib/content/configuring-npm/package-json.md
index 51c516d5f37e8..9727e7e77f909 100644
--- a/docs/lib/content/configuring-npm/package-json.md
+++ b/docs/lib/content/configuring-npm/package-json.md
@@ -928,6 +928,13 @@ Overrides provide a way to replace a package in your dependency tree with
 another version, or another package entirely. These changes can be scoped as
 specific or as vague as desired.
 
+Overrides are only considered in the root `package.json` file for a project.
+Overrides in installed dependencies (including
+[workspaces](/using-npm/workspaces)) are not considered in dependency tree
+resolution. Published packages may dictate their resolutions by pinning
+dependencies or using an
+[`npm-shrinkwrap.json`](/configuring-npm/npm-shrinkwrap-json) file.
+
 To make sure the package `foo` is always installed as version `1.0.0` no matter
 what version your dependencies rely on: