#I'm getting: DeprecationWarning: The `punycode` module is deprecated

1 messages · Page 1 of 1 (latest)

wicked hornet
#

(node:1861181) [DEP0040] DeprecationWarning: The punycode module is deprecated. Please use a userland alternative instead.
(Use node --trace-deprecation ... to show where the warning was created)

is this expected? punycode has been deprecated for a considerable while IIRC.

ember otterBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> âś… Mark Solution

thin minnowBOT
# wicked hornet (node:1861181) [DEP0040] DeprecationWarning: The `punycode` module is deprecated...

Yeah, that warning can be “expected” these days.

punycode (the built-in Node core module) has been deprecated forever, but a bunch of transitive deps in the ecosystem still end up doing require("punycode") (often via URL/IDNA handling). Newer Node versions are a lot more willing to print that deprecation at runtime, so you’ll suddenly see it even if nothing actually broke.

It’s not fatal—just noisy.

If you want to see who is triggering it, run with a trace and paste the first stack:

NODE_OPTIONS=--trace-deprecation openclaw ...   # or whatever command starts it
# (or: node --trace-deprecation <entrypoint.js>)

If it’s from OpenClaw, also include:

  • openclaw --version
  • node -v
#

And if you just want to silence it (not my favorite, but valid):

NODE_OPTIONS=--no-deprecation openclaw ...
# or
NODE_NO_WARNINGS=1 openclaw ...
wicked hornet
#

~% openclaw doctor --fix

🦞 OpenClaw 2026.2.6-3 (85ed6c7) — I'm the reason your shell history looks like a hacker-movie montage.
🦞 OPENCLAW 🦞

┌ OpenClaw doctor
(node:1863359) [DEP0040] DeprecationWarning: The punycode module is deprecated. Please use a userland alternative instead.
(Use node --trace-deprecation ... to show where the warning was created)
│

thin minnowBOT
# wicked hornet ~% openclaw doctor --fix 🦞 OpenClaw 2026.2.6-3 (85ed6c7) — I'm the reason your...

Yep — but it’s mostly a Node-version / dependency-tree “noise” thing, not an OpenClaw-is-broken thing.

A few notes:

  • OpenClaw itself doesn’t intentionally use the deprecated core punycode module. This warning usually comes from some transitive dependency still doing require("punycode") (URL/IDNA stuff is a common culprit).
  • Depending on your Node version and flags, Node will print [DEP0040] even though everything keeps working.

If you want to pinpoint the exact package causing it, run:

echo "$NODE_OPTIONS"
node -v
NODE_OPTIONS="--trace-deprecation" openclaw doctor --fix

…and paste the first stack trace block that shows which file required punycode.

#

Also worth checking: if you have --pending-deprecation or similar in NODE_OPTIONS, you’ll see a lot more of these warnings than most people.

If the stack points into OpenClaw’s bundled code (or a specific dependency we ship), best next step is to file an issue with that stack + your node -v + openclaw --version:
https://github.com/openclaw/openclaw/issues

wicked hornet
#

âžś echo "$NODE_OPTIONS"
node -v
NODE_OPTIONS="--trace-deprecation" openclaw doctor --fix

v25.4.0

🦞 OpenClaw 2026.2.6-3 (85ed6c7) — Because Siri wasn't answering at 3AM.
🦞 OPENCLAW 🦞

┌ OpenClaw doctor
(node:1870975) [DEP0040] DeprecationWarning: The punycode module is deprecated. Please use a userland alternative instead.
at node:punycode:7:10
at BuiltinModule.compileForInternalLoader (node:internal/bootstrap/realm:398:7)
at BuiltinModule.compileForPublicLoader (node:internal/bootstrap/realm:337:10)
at loadBuiltinModule (node:internal/modules/helpers:125:7)
at loadBuiltinWithHooks (node:internal/modules/cjs/loader:1194:15)
at Module._load (node:internal/modules/cjs/loader:1284:48)
at TracingChannel.traceSync (node:diagnostics_channel:328:14)
at wrapModuleLoad (node:internal/modules/cjs/loader:245:24)
at Module.require (node:internal/modules/cjs/loader:1547:12)
at require (node:internal/modules/helpers:152:16)
│

thin minnowBOT
# wicked hornet âžś echo "$NODE_OPTIONS" node -v NODE_OPTIONS="--trace-deprecation" openclaw docto...

That trace is basically “best case” for --trace-deprecation here: it shows where the warning is emitted (inside node:punycode when that builtin is loaded), but it doesn’t tell you who required it, because the emitWarning() happens during the module’s own initialization.

So: expected-ish on Node v25.4.0 if anything in the dependency tree still does require("punycode"). Nothing is broken; it’s just noise.

Easiest fix: silence just DEP0040

NODE_OPTIONS="--disable-warning=DEP0040" openclaw doctor --fix

(There’s also --no-deprecation / NODE_NO_WARNINGS=1, but those are broader.)

If you want to identify the culprit package

Create trace-punycode.cjs:

// trace-punycode.cjs
# 
const Module = require("node:module");
const orig = Module._load;

Module._load = function (request, parent, isMain) {
  if (request === "punycode") {
    console.error("punycode required by:", parent?.filename);
    console.error(new Error("require stack").stack);
  }
  return orig.apply(this, arguments);
};

Then run:

# 
NODE_OPTIONS="--require ./trace-punycode.cjs" openclaw doctor --fix

If you paste the punycode required by: ... line, we can tell whether it’s something OpenClaw can realistically update/avoid, or just an upstream dependency we should ticket.

wicked hornet
#

punycode required by:
whatwg-url@5.0.0
tr46@0.0.3

Dependency chain:
grammy@1.39.3
└── node-fetch@2.7.0
└── whatwg-url@5.0.0
└── tr46@0.0.3

Root cause: grammy (Telegram bot framework) depends on node-fetch v2, which is a CJS package that pulls in the ancient whatwg-url@5 / tr46@0.0.3, both of which
require("punycode") from Node's deprecated built-in.

thin minnowBOT
# wicked hornet punycode required by: whatwg-url@5.0.0 tr46@0.0.3 Dependency chain: ...

That’s a perfect trace, and yep — that makes it “expected” (and harmless) on Node 25:

  • grammy → node-fetch@2 → whatwg-url@5 → tr46@0.0.3 → require("punycode")
  • Node resolves "punycode" to the deprecated core builtin, so you get [DEP0040].

OpenClaw can’t really “fix” this from the outside unless we:

  1. update/replace the upstream dependency chain (e.g. move off node-fetch@2 / old whatwg-url), or
  2. avoid loading that Telegram stack eagerly so the warning never triggers unless Telegram is actually used.

For your setup right now, best options:

  • Use an LTS Node (22/24). Node 25 is non‑LTS and tends to surface more deprecation noise.
  • Or just silence that specific warning:
    NODE_OPTIONS="--disable-warning=DEP0040" openclaw doctor --fix
#

If you can, please open a GitHub issue with exactly what you posted (chain + node -v + openclaw --version) so it’s tracked:
https://github.com/openclaw/openclaw/issues

If this answered it, please right-click the solution message → Apps → ✅ Mark Solution so Answer Overflow indexes it.

wicked hornet
#

thanks. I switched the node version. (I won't be opening a gh ticket)

thin minnowBOT
# wicked hornet thanks. I switched the node version. (I won't be opening a gh ticket)

Makes sense — switching off Node 25 is the cleanest move.

For future you (or anyone else hitting it): it’s coming from the Telegram stack (grammy → node-fetch@2 → whatwg-url@5 → tr46 → punycode), so it’ll keep popping up on newer Node versions until that chain modernizes or we lazy-load it.

Glad that fixed it. If you want this indexed, right-click the solution message → Apps → ✅ Mark Solution.