eslint-plugin-sonarjs v3.0.1 uses pinned versions for most its of dependencies in its package.json (Same problem in older plugin versions):
It’s kind of odd that the plugin uses range in "typescript": "^5", but everything else is pinned, like "@babel/core": "7.26.0".
Version pinning can be understantable for apps, but not really for libraries (or in this case, plugin). If everybody would do that, node_modules would explode in size.
https://www.reddit.com/r/node/comments/higlf0/heaviest_objects_in_the_universe/