diff --git a/crates/project-origins/CHANGELOG.md b/crates/project-origins/CHANGELOG.md
index 3e46c78..8d95d51 100644
--- a/crates/project-origins/CHANGELOG.md
+++ b/crates/project-origins/CHANGELOG.md
@@ -2,6 +2,9 @@
 
 ## Next (YYYY-MM-DD)
 
+- Remove `README.md` files from detection; those were causing too many false positives and were a weak signal anyway.
+- Add Node.js package manager lockfiles.
+
 ## v1.2.1 (2023-11-26)
 
 - Deps: upgrade Tokio requirement to 1.33.0
diff --git a/crates/project-origins/src/lib.rs b/crates/project-origins/src/lib.rs
index c88fa51..ec8b685 100644
--- a/crates/project-origins/src/lib.rs
+++ b/crates/project-origins/src/lib.rs
@@ -236,10 +236,11 @@ pub async fn origins(path: impl AsRef<Path> + Send) -> HashSet<PathBuf> {
 			list.has_file("mix.exs"),
 			list.has_file("moonshine-dependencies.xml"),
 			list.has_file("package.json"),
+			list.has_file("package-lock.json"),
+			list.has_file("pnpm-lock.yaml"),
+			list.has_file("yarn.lock"),
 			list.has_file("pom.xml"),
 			list.has_file("project.clj"),
-			list.has_file("README.md"),
-			list.has_file("README"),
 			list.has_file("requirements.txt"),
 			list.has_file("v.mod"),
 			list.has_file("CONTRIBUTING.md"),