diff --git a/docs/docs/coverage/language/nodejs.md b/docs/docs/coverage/language/nodejs.md index c371a1117178..addeb484867e 100644 --- a/docs/docs/coverage/language/nodejs.md +++ b/docs/docs/coverage/language/nodejs.md @@ -55,6 +55,9 @@ By default, Trivy doesn't report development dependencies. Use the `--include-de ### pnpm Trivy parses `pnpm-lock.yaml`, then finds production dependencies and builds a [tree][dependency-graph] of dependencies with vulnerabilities. +!!! note + Trivy currently only supports Lockfile [v6][pnpm-lockfile-v6] or earlier. + ### Bun Trivy supports scanning `yarn.lock` files generated by [Bun](https://bun.sh/docs/install/lockfile#how-do-i-inspect-bun-s-lockfile). You can use the command `bun install -y` to generate a Yarn-compatible `yarn.lock`. @@ -69,5 +72,6 @@ Trivy searches for `package.json` files under `node_modules` and identifies inst It only extracts package names, versions and licenses for those packages. [dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies +[pnpm-lockfile-v6]: https://github.com/pnpm/spec/blob/fd3238639af86c09b7032cc942bab3438b497036/lockfile/6.0.md [^1]: [yarn.lock](#bun) must be generated
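Review bot: The added admonition in the pnpm section (`+!!! note` / `+    Trivy currently only supports Lockfile [v6][pnpm-lockfile-v6] or earlier.`) tells the reader which lockfile versions are supported but not what Trivy does when it meets a newer one, which is the question a user hitting this limit will actually have; consider adding a sentence stating the observable behaviour (whether the file is skipped, reported as unsupported, or scanned with incomplete results) so that a missing pnpm finding is not mistaken for a clean scan. It would also help to say how to check the version, since the first line of `pnpm-lock.yaml` carries a `lockfileVersion` key, for example "Check the `lockfileVersion` field at the top of `pnpm-lock.yaml`." Minor: "Lockfile" is capitalised mid-sentence, whereas the surrounding text uses lower-case "lockfile"; a consistent form such as "pnpm lockfile v6 or earlier" reads better. The second hunk's `[pnpm-lockfile-v6]` definition pins the spec to a specific commit, which is the right choice for a stable documentation link.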