[Bug]: Deprecated npm dependencies warnings on install (v2026.2.24) #26816
Description
Summary
When installing openclaw@2026.2.24 globally via npm, several deprecated dependency warnings are shown. Some of these deprecated packages have known security vulnerabilities.
Environment
OpenClaw version: 2026.2.24
Node.js version: (agregar tu versión)
npm version: (agregar tu versión)
OS: Windows
Steps to reproduce
npm install openclaw@2026.2.24 --global
Expected behavior
No deprecated dependency warnings on install, or at minimum no packages with known security vulnerabilities.
Actual behavior
These warnings suggest the dependency tree relies on outdated versions of npm's internal tooling. Consider updating transitive dependencies or pinning to patched versions.
OpenClaw version
2026.2.24
Operating system
Windows 11
Install method
npm global
Logs, screenshots, and evidence
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory.
npm warn deprecated npmlog@5.0.1: This package is no longer supported.
npm warn deprecated npmlog@6.0.2: This package is no longer supported.
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities
npm warn deprecated are-we-there-yet@3.0.1: This package is no longer supported.
npm warn deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm warn deprecated gauge@3.0.2: This package is no longer supported.
npm warn deprecated gauge@4.0.4: This package is no longer supported.
npm warn deprecated tar@6.2.1: Old versions of tar are not supported, and contain widely publicized security vulnerabilities
npm warn deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm warn deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilitiesImpact and severity
Security concern: tar@6.2.1 and glob@7.2.3 have publicly disclosed security vulnerabilities.
inflight@1.0.6 has a known memory leak.
Multiple packages (npmlog, gauge, are-we-there-yet) are fully abandoned.
Additional information
These warnings suggest the dependency tree relies on outdated versions of npm's internal tooling. Consider updating transitive dependencies or pinning to patched versions.