Keep in mind that React apps are entirely run on the client-side, so even with env variables, the key will essentially be embedded into the code when compiled, and users will be able to view the key if they start digging around in the browsers dev tools. So this is a good way to keep the key out of a git repository, but this method doesn't keep it secret in a production environment
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Keep in mind that React apps are entirely run on the client-side, so even with env variables, the key will essentially be embedded into the code when compiled, and users will be able to view the key if they start digging around in the browsers dev tools. So this is a good way to keep the key out of a git repository, but this method doesn't keep it secret in a production environment