These are similar to Go replace.
See https://docs.npmjs.com/cli/v11/configuring-npm/package-json#overrides

overrides

If you need to make specific changes to dependencies of your dependencies, for example replacing the version of a dependency with a known security issue, replacing an existing dependency with a fork, or making sure that the same version of a package is used everywhere, then you may add an override.

Overrides provide a way to replace a package in your dependency tree with another version, or another package entirely. These changes can be scoped as specific or as vague as desired.

Overrides are only considered in the root package.json file for a project. Overrides in installed dependencies (including workspaces) are not considered in dependency tree resolution. Published packages may dictate their resolutions by pinning dependencies or using an npm-shrinkwrap.json file.

We should design how to handle these, as they do not apply to a detected package, but to other packages in the dependency tree and only in specific conditions.