diff --git a/lib/cli/index.js b/lib/cli/index.js
index af2de430c..955954ce5 100644
--- a/lib/cli/index.js
+++ b/lib/cli/index.js
@@ -2873,9 +2873,15 @@ export async function createNodejsBom(path, options) {
 }
 const rdeplist = [];
 if (parsedList.dependenciesList && parsedList.dependenciesList) {
+ // copyright (c) 2025 Atlassian US, Inc.
+ // First read package.json to get direct dependencies
+ const pkgData = JSON.parse(readFileSync(packageJsonF, "utf8"));
+ const directDeps = {
+ ...(pkgData.dependencies || {}),
+ ...(pkgData.devDependencies || {}),
+ };
 // Inject parent component to the dependency tree to make it complete
- // In case of yarn, yarn list command lists every root package as a direct dependency
- // The same logic is matched with this for loop although this is incorrect since even dev dependencies would get included here
+ // Add only direct dependencies to the dependency tree of the parent component
 for (const dobj of parsedList.dependenciesList) {
 rdeplist.push(dobj.ref);
 }
@@ -2892,7 +2898,10 @@ export async function createNodejsBom(path, options) {
 ).toString();
 parsedList.dependenciesList.push({
 ref: decodeURIComponent(ppurl),
- dependsOn: [...new Set(rdeplist)].sort(),
+ dependsOn: rdeplist.filter(ref => {
+ const pkgName = ref.split('/')[1].split('@')[0];
+ return directDeps.hasOwnProperty(pkgName);
+ }).sort(),
 });
 }
 dependencies = mergeDependencies(
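Review bot: `directDeps` is built from `dependencies` and `devDependencies` only, so a root package declared under `optionalDependencies` (or `peerDependencies`) is no longer linked from the parent component and the BOM's dependency graph under-reports what the project actually pulls in; if that narrowing is intended it deserves a comment, otherwise spread `...(pkgData.optionalDependencies || {})` as well. `readFileSync(packageJsonF, "utf8")` is now unconditional on this branch, whereas before it only needed the parsed lockfile; `packageJsonF` is defined outside the hunk, so if it can point at a missing file here, the read throws and aborts BOM generation instead of falling back to the old behaviour. The `// copyright (c) 2025 Atlassian US, Inc.` line inside a function body is an odd place for a notice; file-header or NOTICE placement per the project's licensing convention would be the usual style. `createNodejsBom` starts and ends outside this hunk.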
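Review bot: The filter in the new `dependsOn` drops every scoped direct dependency: `ref.split('/')[1]` on a ref like `pkg:npm/@scope/name@1.0.0` yields `@scope`, and `.split('@')[0]` turns that into an empty string (an encoded `%40scope` never matches a `@scope/name` key either), so those packages silently vanish from the parent's edges and any downstream vulnerability or reachability analysis sees an incomplete graph. The `new Set(...)` dedup was also removed in the same line, so duplicate refs in `rdeplist` now reappear in `dependsOn`. Prefer `Object.hasOwn(directDeps, pkgName)` over `directDeps.hasOwnProperty(...)`, since the keys come from a package.json the tool does not control. The rewrite below assumes refs are npm purls of the form `pkg:npm/<name>@<version>` (as the existing `split('/')[1]` already implies) and splits the version off at the last `@` so scopes survive; `createNodejsBom` continues outside the hunk.
```javascript
      parsedList.dependenciesList.push({
        ref: decodeURIComponent(ppurl),
        // Keep the Set: the parent must not list the same child twice.
        dependsOn: [...new Set(rdeplist)]
          .filter((ref) => {
            // Assumes npm purls such as "pkg:npm/%40scope/name@1.2.3"; decode first so
            // an encoded scope compares equal to the package.json key "@scope/name".
            const nameAndVersion = decodeURIComponent(ref)
              .replace(/^pkg:npm\//, "")
              .split(/[?#]/)[0];
            // Split the version off at the LAST "@" so a leading scope "@" is kept.
            const at = nameAndVersion.lastIndexOf("@");
            const pkgName = at > 0 ? nameAndVersion.slice(0, at) : nameAndVersion;
            return Object.hasOwn(directDeps, pkgName);
          })
          .sort(),
      });
```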