diff --git a/core/pom.xml b/core/pom.xml index 361f147607f..72c4091a835 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -189,7 +189,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. cpe-parser - com.vdurmont + org.semver4j semver4j diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java index 92db0cb92c5..7faacb0c04c 100644 --- a/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java +++ b/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java @@ -21,9 +21,8 @@ import com.github.packageurl.PackageURL; import com.github.packageurl.PackageURL.StandardTypes; import com.github.packageurl.PackageURLBuilder; -import com.vdurmont.semver4j.Semver; -import com.vdurmont.semver4j.Semver.SemverType; -import com.vdurmont.semver4j.SemverException; +import org.semver4j.Semver; +import org.semver4j.SemverException; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.data.nodeaudit.Advisory; import org.owasp.dependencycheck.data.nodeaudit.NodeAuditSearch; @@ -530,7 +529,7 @@ public static String determineVersionFromMap(String versionRange, Collection= 2) { deps = json.getJsonObject("packages"); @@ -370,8 +370,9 @@ private void processDependencies(JsonObject json, File baseDir, File rootFile, } else { base = Paths.get(baseDir.getPath(), "node_modules", name).toFile(); if (!base.isFile()) { - if ("node_modules".equals(baseDir.getParentFile().getName())) { - base = Paths.get(baseDir.getParent(), name).toFile(); + final File test = new File(modulesRoot, name); + if (test.isDirectory()) { + base = test; } } } diff --git a/core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIT.java b/core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIT.java index 332cbc76fdc..54b3d5b179e 100644 
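Review bot: In the processDependencies hunk, `new File(modulesRoot, name)` is accepted as `base` as soon as `test.isDirectory()` is true, with no check that the resolved path still lies under the modules root. The assignment of `name` is outside the hunk, but if it comes from the scanned project's lock file, a value containing `..` segments would make the analyzer read a directory elsewhere on the scanning host. I would normalize and require containment before using it, e.g. `final Path candidate = modulesRoot.toPath().resolve(name).normalize();` and `if (candidate.startsWith(modulesRoot.toPath().normalize()) && Files.isDirectory(candidate))`, assuming `modulesRoot` is a `File`. The unchanged `Paths.get(baseDir.getPath(), "node_modules", name)` line above it has the same property, and the method body starts and ends outside the hunk.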
--- a/core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIT.java +++ b/core/src/test/java/org/owasp/dependencycheck/data/nvdcve/DatabasePropertiesIT.java @@ -17,7 +17,7 @@ */ package org.owasp.dependencycheck.data.nvdcve; -import com.vdurmont.semver4j.Semver; +import org.semver4j.Semver; import org.owasp.dependencycheck.BaseDBTestCase; import java.util.Properties; import org.junit.After; @@ -99,7 +99,7 @@ public void testGetProperty_String() throws DatabaseException { DatabaseProperties instance = cveDb.getDatabaseProperties(); String result = instance.getProperty(key); - Semver ver = new Semver(result, Semver.SemverType.LOOSE); + Semver ver = new Semver(result); assertTrue(ver.getMajor() >= 5); } diff --git a/core/src/test/java/org/owasp/dependencycheck/utils/SemverTest.java b/core/src/test/java/org/owasp/dependencycheck/utils/SemverTest.java new file mode 100644 index 00000000000..758f8d9d47f --- /dev/null +++ b/core/src/test/java/org/owasp/dependencycheck/utils/SemverTest.java 
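Review bot: In testGetProperty_String, `new Semver(result)` replaces the `Semver.SemverType.LOOSE` parse, so the test now presumably depends on the stored property being a complete three-part version. A value with fewer components would then fail with an exception before the `getMajor()` assertion runs, which reads as a parsing error rather than a schema-version failure. If lenient handling is still intended, something like `Semver ver = Semver.coerce(result);` followed by `assertNotNull(ver);` keeps the old tolerance, provided the pinned 4.x release offers `coerce`. Otherwise add a comment stating that the property is expected to be strict semver. The method body starts outside the hunk.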
@@ -0,0 +1,35 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.owasp.dependencycheck.utils;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.semver4j.Semver;
+
+/**
+ *
+ * @author Jeremy Long
+ */
+public class SemverTest {
+
+ /**
+ * Test of semver4j. See https://github.com/jeremylong/DependencyCheck/issues/5128#issuecomment-1343080426
+ */
+ @Test
+ public void testSemver() {
+ Semver semver = new Semver("3.1.4");
+ assertTrue(semver.satisfies("^3.0.0-0"));
+ }
+}
diff --git a/pom.xml b/pom.xml
index e4f8700f396..edf2aedb6bd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1068,9 +1068,9 @@ Copyright (c) 2012 - Jeremy Long 0.0.2.1 - com.vdurmont + org.semver4j semver4j - 3.1.0 + 4.0.0 org.jetbrains
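Review bot: `testSemver` in SemverTest.java asserts only a version that should match, so it would still pass if `satisfies` accepted every version for the range `^3.0.0-0`. Range matching appears to feed npm version resolution elsewhere in this change (determineVersionFromMap), where an over-permissive match would attribute the wrong version to a dependency. Add a negative case next to the existing assertion, for example `assertFalse(new Semver("4.0.0").satisfies("^3.0.0-0"));` with a static import of `org.junit.Assert.assertFalse`. The class Javadoc is empty apart from the author tag, and a one-line summary such as `Regression tests for semver4j range handling.` would explain why the test lives in this project.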