Node.js runtime within LTS support window
What this checks
Checks that the Node.js runtime is within the LTS support window.
Why it matters
Running on unsupported Node.js versions means no security patches for the runtime itself.
How to fix it
ClawVitals checks that Node.js is on an active LTS release. Supported LTS majors are 20 and 22 (even-numbered majors ≥ 20). Odd majors (19, 21, 23) and versions below 20 are not LTS.
Step 1 Check your current version:
node --versionStep 2 Install a supported LTS version. Recommended approach using nvm:
# Install nvm if you don't have it
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
# Then install Node.js 22 LTS
nvm install 22
nvm use 22
nvm alias default 22Or via Homebrew on macOS:
brew install node@22
brew link node@22 --force --overwriteOr via the official installer at nodejs.org download the LTS version.
Step 3 Verify the upgrade:
node --version # should show v20.x.x or v22.x.xStep 4 Restart the OpenClaw gateway so it picks up the new Node version: openclaw gateway restart
Technical details
| Field | Value |
|---|---|
| Control ID | NC-VERS-004 |
| Domain | VERS |
| Severity | Medium |
| Status | Experimental |
| Data source | node_version |
| Source type | contextual |
| Mode | Mode 1 (OpenClaw native) |
| Introduced in | Library v0.1.0 |
| OWASP LLM 2025 | LLM03: Supply Chain |
False positive notes
None expected based on official Node.js release schedule.
Suppress this finding
If this finding is intentional or not applicable to your setup, you can exclude it:
clawvitals exclude NC-VERS-004 reason "your reason here"Exclusions are auditable and expire automatically. See the exclusions guide.