diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 9af00b35..3fef6de8 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -448,6 +448,7 @@
 
 - macro: parent_node_running_npm
   condition: (proc.pcmdline startswith "node /usr/local/bin/npm" or
+              proc.pcmdline startswith "node /usr/local/nodejs/bin/npm" or
               proc.pcmdline startswith "node /opt/rh/rh-nodejs6/root/usr/bin/npm")
 
 - macro: parent_nginx_running_serf