[rohannair]

The package size of that thing is ridiculous. Used it once in a React/Redux app and it was about the same size as everything else combined.

Edit: 832kb apparently https://github.com/dropbox/zxcvbn/issues/169

[smnscu]

This is naturally due to having large-ish dictionaries embedded: https://github.com/dropbox/zxcvbn/tree/master/data

Some people in the thread you linked to recommend lazy loading, another idea would be to use a bloom filter – I used this in a project to check server-side for hashes of (MMs of) common passwords.

[FabHK]

Excuse me, it's less than one MB for actually useful (and rarely used) functionality, in a time when many websites routinely weigh in at several MegaBytes for tracking, advertisements, silly pictures and other cruft.

It is very noble that you are concerned about page size (seriously, I frequently travel and am on awfully slow WiFi or mobile networks (remember GPRS and Edge?) and hate wasteful websites with a passion) - but I'd much rather you remove all the other cruft (seriously, how much can two fields for "Enter username and password" take?) and include the most excellent zxcvbn.

[TheAceOfHearts]

It's pretty gigantic, so lazy-loading it is pretty much a hard requirement.

If you're using React/Redux, you probably have a build tool like Webpack setup, which makes loading async dependencies pretty painless.

[Tostino]

If you want to use a server side tool, I wrote a port of it in Java (with quite a few extra features): https://github.com/GoSimpleLLC/nbvcxz

At least on the server side, size doesn't matter quite as much.