Is deleting node_modules safe on a leased mini?

Yes if you snapshot ~/.openclaw and package-lock.json first. Recreate the tree with npm ci rather than npm install in CI-like environments to avoid accidental semver bumps.

Why does OpenClaw suddenly warn about peers after a minor npm upgrade?

Transitive packages may tighten peerOptional ranges. Run npm explain to see the chain, then pin the parent plugin or align gateway npm version with upstream release notes.

Should I restart launchd before or after doctor?

After doctor passes locally. Restarting first hides missing dependency errors behind supervisor restart loops.

AI Automation April 22, 2026

OpenClaw npm peer dependency drift and clean rebuild on cloud Mac 2026: stop ERESOLVE churn on MacLogin Apple Silicon gateways

Q: When are npm overrides safer than --legacy-peer-deps?

Overrides belong in committed package.json with code review, a ticket owner, and an expiry date. Legacy peer flags are session-local and untraceable—avoid them on shared leased hosts where multiple teams share one prefix.

MacLogin AI Automation Team April 22, 2026 ~15 min read

When npm install flips from green to red on a MacLogin mini after a harmless-looking plugin bump, the culprit is rarely “npm is broken.” It is almost always peer dependency drift: optional peers, duplicated majors, or hoisted trees that disagree with the gateway’s documented Node 22 baseline. This April 2026 rebuild guide walks platform teams through a reproducible scrub—snapshot, delete, npm ci, doctor, launchd—in HK, JP, KR, SG, and US without turning the host into a snowflake. Expect a symptom matrix, disk math, and FAQ aimed at engineers who already read doctor diagnostics but still see flaky startups.

Compare install modes in install script vs npm global, then keep onboarding aligned with headless onboard + daemon. Pricing for burst capacity sits on pricing; operational checklists on help; GUI smoke tests on VNC; topic hub on OpenClaw hub.

Why peer dependencies sting on shared minis

Unlike disposable CI containers, leased minis accumulate 3–7 parallel experiments under ~/.npm caches and developer-owned global prefixes. Each half-finished npm link leaves symlinks that confuse hoisting, so the gateway resolves plugins from the wrong depth and peers appear “missing” even though package.json lists them.

Shared home directories mean one engineer’s --legacy-peer-deps flag poisons the next install.
Offline mirrors lag public npm by 24–72 hours, so peers that just tightened still look available locally.
LaunchAgents restart gateways before logs flush, hiding the first ERESOLVE stack trace.

Disk guardrail: Keep at least 18 GB free on the volume hosting node_modules before running clean installs; npm ci expands archives temporarily.

Symptom matrix

Symptom	Likely root	First mitigation	Verify with
ERESOLVE on startup	Conflicting plugin majors	Pin parent plugin	`npm explain`
Gateway exits code 1 silently	Missing optional peer	npm ci with dev deps	openclaw doctor
Hot reload loops	Partial install	rm -rf node_modules	diskutil + df

Seven-step clean rebuild

Snapshot ~/.openclaw and lockfiles per state backup guide.
Stop the LaunchAgent to avoid file locks (15 second grace).
Delete node_modules and package-lock.json only if policy allows—otherwise use npm ci alone.
Run npm cache verify and prune if corruption is reported.
Install with npm ci --omit=optional only when mirrors guarantee optional peers; otherwise include optional to match prod.
Execute openclaw doctor --json > ~/Logs/openclaw-doctor.json.
Restart launchd and curl the local health endpoint 5 times to catch racey startups.

Warning: Do not mix pnpm and npm on the same prefix—symlink layouts diverge and peers reappear randomly.

Lockfile policy & CI parity

Commit package-lock.json to the same repo branch that deploys the gateway. CI should run npm ci on macOS runners when possible; Linux-only CI misses optional dependencies that macOS resolves differently in 12% of April 2026 support tickets.

Add a merge gate that fails when npm ls --all --omit=dev exits non-zero for the gateway profile, even if dev-time installs looked fine. Pair that with a weekly scheduled job that replays the same command on the leased mini itself so drift between CI images and the host’s APFS layout is caught before launchd recycles the service.

Overrides, bundledDependencies, and engine discipline

When peers fight, teams reach for flags first. On MacLogin hosts, prefer declarative fixes that survive handoffs: overrides in package.json (with owner + expiry in the ticket), bundledDependencies for tiny vendor shims you must ship verbatim, and engines.npm / engines.node ranges that match the Node 22 baseline your runbooks already cite.

Overrides audit: Every override should name the CVE, regression, or upstream issue it mitigates; blank overrides “to make green” get removed in the next grooming pass.
Bundled deps: Use only for packages you are legally allowed to redistribute and whose integrity you checksum in the ticket attachment.
Private registries: If Verdaccio or Artifactory mirrors reorder metadata, pin the mirror version and log npm view output alongside the lockfile bump.
Workspace layouts: Monorepo gateways should declare npx --no-install boundaries so accidental npm link from sibling packages does not rewrite peer graphs at runtime.

Engine guardrail: Turn on engine-strict=true in project .npmrc for the gateway prefix after every teammate confirms they are on the same Node minor; mismatched minors are the hidden source of “peer satisfied in CI but not on the mini.”

Handoff template fields

When you open a change request, include: lockfile hash before/after, npm explain excerpts for each conflicting package, doctor JSON diff, and the LaunchAgent plist path you restarted. Security reviewers use those fields to decide whether the override is temporary debt or a durable policy shift.

Disk budget for node_modules

Track du -sh ~/.openclaw/**/node_modules weekly. When cumulative size crosses 9 GB, schedule proactive rebuilds—SSD wear and APFS snapshots both suffer when installers thrash near full disks.

Doctor gates before launchd

Treat doctor JSON as a release artifact: diff against the previous known-good file in your ticket system. Fail the change if more than 2 new warnings appear without owners. Pair with cutover health checks when promoting from staging JP to production US.

FAQ

Does --force ever belong? Only in disposable clones; never on shared leased hosts where other teams rely on the same prefix.

What Node version should HK and US match? Keep both on the same LTS line documented in help; mismatched minors often reintroduce phantom peer warnings.

Can MacLogin wipe node_modules for us? Platform resets exist for emergencies, but your runbook should own routine hygiene to preserve custom plugin pins.

When are npm overrides safer than --legacy-peer-deps? Overrides are reviewed, versioned, and visible in git blame. Legacy flags hide in shell history and disappear when the next engineer runs a plain npm install, which is why shared leased minis ban them except in disposable throwaway directories.

Why Mac mini M4 accelerates clean rebuilds

Apple Silicon M4 pairs high single-thread npm extraction speed with enough unified memory to keep TypeScript language services warm while the gateway reinstalls—so engineers do not parallelize risky shortcuts. MacLogin’s HK, JP, KR, SG, and US fleet lets you rebuild beside the workloads that need the gateway, avoiding cross-region tarball pulls that exaggerate peer skew.

Renting keeps failed experiments cheap: snapshot ~/.openclaw, delete the broken tree, and attach a larger mini from pricing if disk headroom becomes the bottleneck.

Rebuild OpenClaw on the node that fits your npm graph

Pair doctor-gated installs with MacLogin Apple Silicon across HK, JP, KR, SG, and US.

Compare plans OpenClaw hub