diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index bc4dc6e..62856f6 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -80,6 +80,7 @@ jobs:
 # (https://github.com/clearlydefined/curated-data/pull/32066)
 # npm/bignumber.js: ClearlyDefined error showing inaccurate license
 # pypi/chardet: LGPL-2.1-or-later -- only approving as a one-off
+ # npm/@img/sharp*: LGPL-3.0-or-later -- only approving as a one-off; for local dev using claude code
 allow-dependencies-licenses: >-
 pkg:npm/@lancedb/lancedb,
 pkg:npm/@lancedb/lancedb-darwin-arm64,
@@ -104,7 +105,9 @@ jobs:
 pkg:maven/com.google.errorprone/error_prone_annotations,
 pkg:npm/canvas,
 pkg:npm/bignumber.js,
- pkg:pypi/chardet
+ pkg:pypi/chardet,
+ pkg:npm/@img/sharp-libvips-linuxmusl-arm64,
+ pkg:npm/@img/sharp-libvips-linuxmusl-x64
 # Known vulnerabilities we're ok with ignoring.
 # These are generally because they are in an older python kernel
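Review bot: The comment added in the first hunk names `npm/@img/sharp*`, while the entries this commit adds to `allow-dependencies-licenses` in the second hunk are only the two `sharp-libvips-linuxmusl-*` packages, so the recorded justification is wider than the waiver actually granted. These comments are the audit trail for each license exception, so I would name the exact packages and the dependency that pulls them in: `# npm/@img/sharp-libvips-linuxmusl-{arm64,x64}: LGPL-3.0-or-later -- one-off; pulled in by <PARENT_PACKAGE> for local dev only`. The comment block starts above the hunk, so the wording should follow whatever convention the earlier entries use.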
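Review bot: The two `pkg:npm/@img/sharp-libvips-linuxmusl-*` entries added at the end of the list in the second hunk carry no version, so "one-off" is a convention only: as written, the exemption appears to cover every later release of these packages and stays in force until someone removes it. The comment ties the approval to local development, but nothing in this list limits it to dev-only use, so if these LGPL-3.0-or-later binaries later reach a shipped artifact this check would no longer flag them. I would confirm that they are reachable only through a development dependency and record a removal condition in the comment block above the list. The remaining inputs of this step are outside the hunk.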