diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll
index 87d85911a1ba..dc08ff47acf6 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll
@@ -30,9 +30,10 @@ module IndirectCommandInjectionConfig implements DataFlow::ConfigSig {
   predicate observeDiffInformedIncrementalMode() { any() }
 
   Location getASelectedSinkLocation(DataFlow::Node sink) {
-    exists(DataFlow::Node node |
-      isSinkWithHighlight(sink, node) and
-      result = node.getLocation()
+    exists(DataFlow::Node highlight | result = highlight.getLocation() |
+      if isSinkWithHighlight(sink, _)
+      then isSinkWithHighlight(sink, highlight)
+      else highlight = sink
     )
   }
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll
index 1d396da5b20d..f95dc66b06ff 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll
@@ -31,9 +31,10 @@ module ShellCommandInjectionFromEnvironmentConfig implements DataFlow::ConfigSig
   predicate observeDiffInformedIncrementalMode() { any() }
 
   Location getASelectedSinkLocation(DataFlow::Node sink) {
-    exists(DataFlow::Node node |
-      isSinkWithHighlight(sink, node) and
-      result = node.getLocation()
+    exists(DataFlow::Node highlight | result = highlight.getLocation() |
+      if isSinkWithHighlight(sink, _)
+      then isSinkWithHighlight(sink, highlight)
+      else highlight = sink
     )
   }
 }
diff --git a/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql b/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql
index e66406f84053..53a31c3268de 100644
--- a/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql
+++ b/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql
@@ -33,6 +33,10 @@ module EnvValueAndKeyInjectionConfig implements DataFlow::ConfigSig {
       )
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() {
+    none() // can't override location accurately because of secondary use in select.
+  }
 }
 
 module EnvValueAndKeyInjectionFlow = TaintTracking::Global<EnvValueAndKeyInjectionConfig>;
diff --git a/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql b/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql
index 429744bbbd1d..17d66cdf5770 100644
--- a/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql
+++ b/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql
@@ -27,6 +27,10 @@ module VerifiedDecodeConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sink = verifiedDecode() }
+
+  predicate observeDiffInformedIncrementalMode() {
+    none() // used as secondary config
+  }
 }
 
 module VerifiedDecodeFlow = TaintTracking::Global<VerifiedDecodeConfig>;