npm audit's "scanned package" count showing impossible numbers

What I Wanted to Do

I ran npm audit, and expected a summary line showing vulnerability counts and the total number of scanned dependencies.

What Happened Instead

found 1 low severity vulnerability in **476998** scanned packages

Reproduction Steps

I‚Äôve witnessed that on two separate code bases, upgrading from jest 23.x to 24.x causes this ‚Äúscanned packages‚ÄĚ count to balloon by about 450,000 packages! For comparison, the actual number of dependencies in one of them is 509.

Details

You could probably repro against this code: https://github.com/change/longlinks/tree/d968cbcaf7eb4d426fb7876874e6fdfc9c0c7e23

Platform Info

$ npm --versions
{ '@change-org/longlinks': '0.1.1',
  npm: '6.9.0',
  ares: '1.15.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.34.0',
  node: '10.15.3',
  openssl: '1.1.0j',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '6.8.275.32-node.51',
  zlib: '1.2.11' }
$ node -p process.platform
darwin

Reproduced this issue in two separate projects at work.

Adding jest to my package.json adds 860,844 dependencies, according to the ‚ÄúPackages audited‚ÄĚ number from yarn audit.