docs: update.

soul2zimate · soul2zimate · commit ffd883484bf3 · 2025-08-19T18:22:50.000+08:00
Signed-off-by: Chao Wang &lt;chaowan@redhat.com&gt;
diff --git a/README.md b/README.md
@@ -51,7 +51,7 @@ vulnerability report.
 - For Golang projects, analyzing a `go.mod` file, you must have the `go` binary in your IDE's `PATH` environment. Furthermore, Golang projects can only be analyzed with IntelliJ Ultimate Edition.
 - For Python projects, analyzing a `requirements.txt` file, you must have the `python3` and `pip3` binaries in your
   IDE's `PATH` environment.
-- For Gradle projects, analyzing a `build.gradle` file, you must have the `gradle` binary in your system's `PATH` environment.
+- For Gradle projects, analyzing a `build.gradle` file or `build.gradle.kts` file, you must have the `gradle` binary in your system's `PATH` environment.
 - For base images, analyzing a `Dockerfile`, you must have the [`syft`](https://github.com/anchore/syft?tab=readme-ov-file#installation) and [`skopeo`](https://github.com/containers/skopeo/blob/main/install.md) binaries in your IDE's `PATH` environment.
 
 **Procedure**
diff --git a/src/main/resources/META-INF/plugin.xml b/src/main/resources/META-INF/plugin.xml
@@ -39,7 +39,7 @@
         IDE's <code>PATH</code> environment.
     </li>
     <li>For Node projects, analyzing a <code>package.json</code> file, you must have one of the corresponding package manager <code>npm</code>, <code>pnpm</code> or <code>yarn</code> and
-        <code>node</code> binaries in your IDE's <code>PATH</code> environment.
+        <code>node</code> binaries in your IDE's <code>PATH</code> environment. It also requires a corresponding lock file to be present in order to analyze package.json files.
     </li>
     <li>For Golang projects, analyzing a <code>go.mod</code> file, you must have the <code>go</code> binary in your
         IDE's <code>PATH</code> environment. Furthermore, Golang projects can only be analyzed with IntelliJ Ultimate Edition.
@@ -48,7 +48,7 @@
         <code>pip3</code> binaries in your IDE's <code>PATH</code> environment.
     </li>
     <li>
-        For Gradle projects, analyzing a <code>build.gradle</code> file, you must have the <code>gradle</code> binary in your system's <code>PATH</code> environment.
+        For Gradle projects, analyzing a <code>build.gradle</code> file or <code>build.gradle.kts</code> file, you must have the <code>gradle</code> binary in your system's <code>PATH</code> environment.
     </li>
     <li>For base images, analyzing a <code>Dockerfile</code>, you must have the <code><a
             href="https://github.com/anchore/syft?tab=readme-ov-file#installation" rel="noopener noreferrer"
@@ -122,6 +122,7 @@
         executable.
         <br>If the paths are not provided, your IDE's <code>PATH</code> environment will be used to locate the
         executables.
+        <br>It also requires a corresponding lock file to be present in order to analyze package.json files.
     </li>
     <li>
         <b>Golang</b>:
@@ -396,7 +397,7 @@
   <p>Added support for Proxy setting.</p>
   <p>Enable using the Maven Wrapper.</p>
   <p>No restart needed after installation.</p>
-  <p>Opening and analysing a single package.json file in editor is not supposed anymore.</p>
+  <p>Require a lock file to be present in order to analyze package.json files.</p>
   <p><b>1.0.0</b></p>
   <p>Added support for base image vulnerability scanning in Dockerfiles.</p>
   <p>Bumped Telemetry plugin to 1.1.0.</p>
