Efficient alternative to the update notifier

[ariya]

Currently, installing TSLint via npm also pulls the update-notifier module, which then pulls >65 other npm packages as its dependencies. This update-notifier module is only used in src/updateNotifier.ts for giving a reminder of an available update, arguably a non-essential feature. In the mean time, the most essential feature of TSLint requires only about a half dozen (dependent) packages.

It is far more efficient to grab https://registry.npmjs.org/tslint, JSON.parse it, and then check for the latest version.

[nchen63]

Agree, I don't think we realized how many dependencies that package used

[ajafff]

Actually it is not as easy as you think.
You need to read the .npmrc file to find out if the user has a custom registry.
You should also use a http library that can work with user's proxy settings.
I don't know which of the above is covered by update-notifier, but that's the minimum requirement to make it work for users inside big corporate networks.

[ariya]

IMHO such a feature does not need to be bundled with TSLint. Nowadays, there are already various services out there to help tracking updates: Greenkeeper, David, libraries.io, etc.

[mprobst]

For a data point, for our usage in Google we disabled this dependency and patched the source to avoid pulling these in.

[adidahiya]

I agree with @ariya, I'm removing the dependency in #2262.