mathiscode / password-leak

A library to check for compromised passwords
MIT License

Don't use babel shims... (138kb payload on jsdelivr) #1

Open tracker1 opened 5 years ago

tracker1 commented 5 years ago

Most modern browsers support async, and have fetch. It would be better to convert to commonjs imports, without the use of corejs, regenerator, axios, and crypto. The bundle size is likely really huge here.

For the sha1, can use https://www.npmjs.com/package/sha1 since Edge doesn't support SHA1 via SubtleCrypto.

For IE: would need to shim/polyfill Promises, and Fetch

```js
const sha1 = require('sha1');

module.exports = function (password) {
  if (!password || password === '') throw new Error('You must provide a password');
  if (typeof Promise === 'undefined') throw new Error('Missing Promise');
  if (typeof fetch === 'undefined') throw new Error('Missing fetch');

  // The range API returns upper-case hex suffixes, so normalise the digest.
  var digest = sha1(password).toUpperCase();
  var firstFive = digest.substr(0, 5);

  // Only the first five hex characters of the hash are sent to the API.
  return fetch(`https://api.pwnedpasswords.com/range/${firstFive}`)
    .then(function (r) { return r.text(); })
    .then(function (t) { return t.split('\r\n'); })
    .then(function (results) {
      // Each line is "<suffix>:<count>"; compare against the suffix only.
      return !!results.filter(function (line) {
        return digest === (firstFive + line.split(':')[0]);
      }).length;
    });
};
```

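
A dependency-free variant of the check discussed above, as an added example that is not part of the original thread or the project's code: it hashes with the platform's SubtleCrypto instead of a bundled SHA-1 and separates the range-response matching so it can be checked offline. The function names and `SAMPLE_BODY` are constructed for illustration, and it assumes a runtime that provides `fetch` and a `crypto.subtle` that supports SHA-1.

```javascript
// Added example: function names and SAMPLE_BODY are constructed, not the project's.

// SHA-1 via the platform's WebCrypto (assumed available and to support SHA-1).
async function sha1Hex(password) {
  const bytes = new TextEncoder().encode(password);
  const buf = await crypto.subtle.digest('SHA-1', bytes);
  return Array.from(new Uint8Array(buf))
    .map((b) => b.toString(16).padStart(2, '0'))
    .join('').toUpperCase();
}

// Split a 40-char SHA-1 hex digest into the 5-char prefix that is sent to the
// API and the 35-char suffix that stays on the client.
function splitDigest(digestHex) {
  const hex = String(digestHex).trim().toUpperCase();
  if (!/^[0-9A-F]{40}$/.test(hex)) throw new Error('Expected a SHA-1 hex digest');
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Return the count listed for the suffix in a range response body
// ("SUFFIX:COUNT" per line), or 0 when the suffix is absent.
function breachCount(suffix, body) {
  for (const raw of body.split(/\r?\n/)) {
    const line = raw.trim();
    const sep = line.indexOf(':');
    if (sep === -1) continue; // blank or malformed line
    if (line.slice(0, sep).toUpperCase() === suffix) {
      const n = parseInt(line.slice(sep + 1), 10);
      return Number.isNaN(n) ? 0 : n;
    }
  }
  return 0;
}

// Full check: resolves to true when the password appears in the range response.
async function isLeaked(password) {
  if (!password) throw new Error('You must provide a password');
  const { prefix, suffix } = splitDigest(await sha1Hex(password));
  const res = await fetch(`https://api.pwnedpasswords.com/range/${prefix}`);
  if (!res.ok) throw new Error(`Range query failed: HTTP ${res.status}`);
  return breachCount(suffix, await res.text()) > 0;
}

// Constructed sample response for the prefix 5BAA6 (counts are made up).
const SAMPLE_BODY = [
  '0018A45C4D1DEF81644B54AB7F969B88D65:1',
  '00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2',
  '1E4C9B93F3F0682250B6CF8331B7EE68FD8:3',
].join('\r\n');
```
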
tracker1 commented 5 years ago

Edited example code to return the promise chain, can be awaited outside this module as the result is a promise. Also sanity check for Promise and fetch... really only needed for IE support.

Can update webpack to not use babel at all.

mathiscode commented 5 years ago

Thanks for this! I have to dig around some more, but I now have a branch where I'm working on this.

Also, feel free to submit a PR if you get this working universally before I get to it.