vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 15:30:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(plugins): force dependency installs local

Browse Source
This commit is contained in:
Peter Steinberger
2026-04-25 22:46:41 +01:00
parent 1dfa52d071
commit cbe5515b70
9 changed files with 121 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/plugins/architecture-internals.md
View File

@@ -771,9 +771,11 @@ Security guardrail: every `openclaw.extensions` entry must stay inside the plugi
directory after symlink resolution. Entries that escape the package directory are
rejected.
Security note: `openclaw plugins install` installs plugin dependencies with
`npm install --omit=dev --ignore-scripts` (no lifecycle scripts, no dev dependencies at runtime). Keep plugin dependency
trees "pure JS/TS" and avoid packages that require `postinstall` builds.
Security note: `openclaw plugins install` installs plugin dependencies with a
project-local `npm install --omit=dev --ignore-scripts` (no lifecycle scripts,
no dev dependencies at runtime), ignoring inherited global npm install settings.
Keep plugin dependency trees "pure JS/TS" and avoid packages that require
`postinstall` builds.
Optional: `openclaw.setupEntry` can point at a lightweight setup-only module.
When OpenClaw needs setup surfaces for a disabled channel plugin, or