openclaw - 💡(How to fix) Fix Auto-update silently fails on npm-installed instances: package manager misdetected as pnpm

Summary

Auto-update silently fails on npm-installed OpenClaw because the package manager is misdetected as pnpm. The detection heuristic appears to key off the presence of pnpm-lock.yaml inside the package, but that file ships in the npm tarball regardless of how the user installed it — so the updater tries to call pnpm install -g openclaw@latest on systems where pnpm doesn't exist, and every auto-update attempt fails.

Environment

• OpenClaw: 2026.5.27 (also reproduced on 2026.5.12)
• Install method: npm install -g openclaw (npm 10.9.7, Node v22.22.2)
• Install path: ~/.npm-global/lib/node_modules/openclaw (npm prefix ~/.npm-global)
• pnpm: not installed (which pnpm → not found)
• OS: Linux 6.17.0-1010-azure (x64)

Reproduction

1. Install OpenClaw globally via npm only: npm install -g openclaw
2. Do not install pnpm.
3. Enable auto-update in openclaw.json:

   "update": {
     "channel": "stable",
     "auto": { "enabled": true, "stableDelayHours": 6, "stableJitterHours": 12 }
   }

4. Wait for a new release to ship, or run openclaw update status --json.

Observed

openclaw update status --json reports pnpm as the install method even though only npm exists on the system:

{
  "update": {
    "root": "/home/boycez/.npm-global/lib/node_modules/openclaw",
    "installKind": "package",
    "packageManager": "pnpm",
    "deps": {
      "manager": "pnpm",
      "status": "unknown",
      "lockfilePath": "/home/boycez/.npm-global/lib/node_modules/openclaw/pnpm-lock.yaml",
      "markerPath": "/home/boycez/.npm-global/lib/node_modules/openclaw/node_modules/.modules.yaml",
      "reason": "lockfile missing"
    }
  }
}

~/.openclaw/update-check.json shows the auto-updater has been attempting and failing since shortly after the last successful run in April:

{
  "autoLastSuccessVersion": "2026.4.23",
  "autoLastSuccessAt": "2026-04-25T17:13:15.366Z",
  "autoLastAttemptVersion": "2026.5.26",
  "autoLastAttemptAt": "2026-05-28T11:04:55.901Z",
  "lastAvailableVersion": "2026.5.27"
}

i.e. ~5 weeks of silently-failed auto-updates. Each retry presumably tries to call pnpm, which doesn't exist, so the update never lands. The user only noticed when a model upgrade made them want the latest version.

Expected

Either:

• (a) The detector should verify the package manager binary actually exists on $PATH before selecting it. Presence of pnpm-lock.yaml inside the installed package is not evidence of how the user installed it; the lockfile is shipped in the npm tarball.
• (b) The detector should prefer the package manager that corresponds to the install path (e.g. if the package lives under npm config get prefix, prefer npm).
• (c) Expose a update.packageManager config override (npm | pnpm | yarn | auto) so users can force the right one when auto-detection picks the wrong tool.

Ideally (a) + (c).

Suggested fix

In the package-manager detection logic:

1. Resolve install root → candidate managers (e.g. npm prefix match → npm).
2. Probe pnpm-lock.yaml / yarn.lock only as a tiebreaker.
3. Reject any candidate whose binary is not on $PATH.
4. Honor an explicit update.packageManager config field if set.

Also worth surfacing failed auto-update attempts in openclaw update status (e.g. "auto-update has failed N times since X — see logs") so they don't sit silent for weeks.

Impact

Anyone who installed via npm on a system without pnpm gets no auto-updates and no warning. That's likely a large share of users, since npm is the default Node package manager.

Workarounds

• npm install -g pnpm (pollutes system with an unused package manager just to satisfy the detector)
• Periodic cron running npm install -g openclaw@latest (bypasses the broken updater)
• Manual updates

Filed on behalf of a user; happy to provide any additional diagnostic info.