[Bug]: npm global install of 2026.4.x silently omits channel plugin dependencies, causing cascading MODULE_NOT_FOUND on every CLI command

[redasadki]

Bug type: Regression (worked before, now fails)

Beta release blocker: No

---

Summary

After upgrading from a previous npm global install to OpenClaw 2026.4.x (tested on 2026.4.3 and 2026.4.5), every CLI command fails with Cannot find module for channel plugin dependencies (@slack/logger, @buape/carbon, @larksuiteoapi/node-sdk, grammy), because the packageManager: pnpm declaration causes npm to silently drop these packages during global install hoisting.

Steps to reproduce

1. Install OpenClaw globally via npm: npm install -g openclaw@2026.4.5
2. Run any command: openclaw gateway restart, openclaw doctor, or openclaw security audit --deep
3. Observe Cannot find module '<channel-plugin-dep>' crash before any command completes.
4. Run npm install --prefix /Users/claw/.npm-global/lib/node_modules/openclaw <missing-package> to fix the reported package.
5. Re-run the same command — a different missing package surfaces from a different channel plugin.
6. Repeat: each command that loads a different channel plugin extension reveals a new missing dependency.

Expected behavior

In all prior OpenClaw versions installed via npm install -g openclaw, all required runtime dependencies were present and every CLI command completed without MODULE_NOT_FOUND errors.

Actual behavior

Every CLI command crashes immediately with Cannot find module before completing. The missing packages cascade in this confirmed order across three separate reinstall attempts:

1. @slack/logger (Slack channel plugin, extensions/slack/channel-plugin-api.js)
2. @buape/carbon (Discord channel plugin, extensions/discord/channel-plugin-api.js)
3. @larksuiteoapi/node-sdk (Feishu channel plugin, extensions/feishu/api.js)
4. grammy (Telegram channel plugin, allowed-updates-CPeb0arL.js)

openclaw doctor --fix and openclaw security audit --deep are both unreachable. The gateway aborts on config read.

OpenClaw version

2026.4.5 (3e72c03) — also reproduced on 2026.4.3

Operating system

macOS 26.3.1 (Apple Silicon, Mac Mini, arm64)

Install method

npm global (npm install -g openclaw) — this is the install method that triggers the bug. Workaround: pnpm add -g openclaw resolves all dependencies correctly.

Model

anthropic/claude-opus-4-6

Provider / routing chain

openclaw -> anthropic

Additional provider/model setup details

Not relevant to this bug. The failure occurs before config is read, during channel plugin bootstrapping in bootstrap-registry-DSG7nIY1.js → channel-entry-contract-DyY5TZkc.js → individual extension entry points loaded via jiti.

Logs

[openclaw] Failed to start CLI: Error: Cannot find module '@slack/logger'
Require stack:
- /Users/claw/.npm-global/lib/node_modules/openclaw/node_modules/@slack/web-api/dist/logger.js
 code: 'MODULE_NOT_FOUND'

[openclaw] Failed to start CLI: Error: Cannot find module '@buape/carbon'
Require stack:
- /Users/claw/.npm-global/lib/node_modules/openclaw/dist/ui-7MjYF8PY.js
 code: 'MODULE_NOT_FOUND'

[openclaw] Failed to start CLI: Error: Cannot find module '@larksuiteoapi/node-sdk'
Require stack:
- /Users/claw/.npm-global/lib/node_modules/openclaw/dist/probe-Y2l52Hc0.js
 code: 'MODULE_NOT_FOUND'

[openclaw] Failed to start CLI: Error: Cannot find module 'grammy'
Require stack:
- /Users/claw/.npm-global/lib/node_modules/openclaw/dist/allowed-updates-CPeb0arL.js
 code: 'MODULE_NOT_FOUND'

Impact and severity

• Affected: Any user who installed or updated OpenClaw 2026.4.x via npm install -g openclaw (the install method documented in most guides and READMEs).
• Severity: Critical — the gateway cannot start, openclaw doctor is unreachable, and no CLI commands complete. The install is fully non-functional.
• Frequency: 100% reproducible on a clean npm global install of 2026.4.x.
• Consequence: Users are locked out of their OpenClaw instance entirely, with no path to self-repair via the standard openclaw doctor workflow since doctor itself crashes.

Additional information

Root cause: package.json declares "packageManager": "pnpm@10.32.1". pnpm's non-flat, content-addressable node_modules layout is assumed at runtime by jiti's module resolution. npm's flat hoisting does not replicate this layout, so external channel plugin dependencies are silently omitted.

Workaround (confirmed working): uninstall via npm, install via pnpm:

npm uninstall -g openclaw
pnpm setup && source ~/.zshrc
pnpm add -g openclaw@2026.4.5

Suggested fix: either (a) add an engines or install-time check that warns when npm is used instead of pnpm, (b) bundle all channel plugin dependencies into the dist so no external resolution is needed, or (c) update the README and npm page to document that pnpm add -g is required for 2026.4.x.

Last known good install method: npm global (version prior to 2026.4.x). First known bad: 2026.4.3.

[progamman]

Same issue experienced on MacBook Air M1, OpenClaw 2026.4.2.

Impact: Gateway down for hours until manual npm install.

Workaround found: Use pnpm instead of npm:

pnpm add -g openclaw@2026.4.5

Auto-repair command that works:

pnpm add -g openclaw@CURRENT_VERSION

Note: Our auto-restart script now detects module corruption and attempts repair. Should we update it to use pnpm instead of npm?

[dkthezero]

I try pnpm add -g openclaw@2026.4.5 but the error still exist.
Then manual fix 1 by 1, I think problem is I install npm and pnpm via brew: sudo npm install --prefix /opt/homebrew/lib/node_modules/openclaw @larksuiteoapi/node-sdk

[siraustin]

Still reproducing in OpenClaw 2026.4.20 (041266a, released ~today 2026-04-21).

Hit it fresh when upgrading from 2026.4.15 → 2026.4.20 via npm install -g openclaw@2026.4.20:

Error: Cannot find module '@slack/web-api'
Require stack:
- /opt/homebrew/lib/node_modules/openclaw/dist/extensions/slack/client-DfAuvcFw.js

Verified that openclaw@2026.4.20's package.json lists 42 dependencies but none containing slack — so @slack/web-api is genuinely absent from the declared deps, which matches the OP diagnosis. Meanwhile it IS installed correctly under a sibling global package (@martian-engineering/lossless-claw/node_modules/@slack/web-api), which is why the dedupe-hoisting regression hides the issue unless you upgrade with the right package manager or have the sibling installed.

Workaround I used (npm-based, since switching to pnpm globally isn't an option mid-session):

cd /opt/homebrew/lib/node_modules/openclaw
npm install @slack/web-api --legacy-peer-deps

--legacy-peer-deps is needed because a dev peer-dep conflict around madge@8.0.0 → typescript@^5.4.4 otherwise aborts the sub-install. After the install, require.resolve('@slack/web-api') succeeds and gateway restart loads the Slack extension cleanly.

Given this has been open 15 days across at least six related issues (#58922, #58960, #60004, #61363, #61787, #63043) and is still live on .20, would a one-line fix to move the known-missing channel-plugin deps back into top-level dependencies be accepted? Happy to open a PR if it helps move this along.

[steipete]

Fixed by 7c8f695f1f (fix(plugins): repair bundled runtime deps during doctor).

This is the same packaged bundled-runtime dependency class as #69837: missing bundled channel deps cascade through Slack/Discord/Feishu/Telegram/etc., and doctor/update could not reliably repair before config/channel runtime imports happened. Doctor now repairs bundled runtime deps at the front of the flow and includes configured channel blocks; the package post-update doctor is also marked as update-in-progress so the 2026.4.20 update path can self-repair.

Regression coverage is in 00c117f740, with Docker reproducing the bad packaged state and validating repair through update/doctor mutation paths.

Closing as fixed/same root as #69837. Until the fixed release ships, install the missing deps inside the affected bundled extension directory as the temporary workaround.

[dprev]

Confirming this was still reproducible for me on 2026.4.21 after #61787 was closed.

What I hit on macOS with an existing npm global install:

• upgraded from 2026.4.14 to 2026.4.21
• first failure was the hindsight-openclaw plugin rejecting the older routing keys in my existing config
• after cleaning that up, the larger blocker remained: the 2026.4.21 npm package still appeared packaging-broken at runtime, with bundled deps missing and normal CLI startup not usable
• I rolled back to 2026.4.14 because 2026.4.21 was not operational in my environment

So at least from the npm global upgrade path, the fix did not appear to be fully present in the 2026.4.21 release.

If useful, I can add exact stack traces / missing modules from a fresh repro, but I wanted to note first that this was not resolved for me in the released 2026.4.21 build.