The database credentials don't need to be stored in the client code. They're actually stored in the NodeJS server, and that server is supposed to be used outside of the client code (you can use services like Heroku or Glitch to host it).
I put that routes.js file (which is the NodeJS server) in the client code just for the sake of simplicity, but you can put it anywhere outside of the client code and it'll work just fine :)
Only thing you might worry about is protecting the server's URL in the fetch function that you'll use inside the client.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
The database credentials don't need to be stored in the client code. They're actually stored in the NodeJS server, and that server is supposed to be used outside of the client code (you can use services like Heroku or Glitch to host it).
I put that routes.js file (which is the NodeJS server) in the client code just for the sake of simplicity, but you can put it anywhere outside of the client code and it'll work just fine :)
Only thing you might worry about is protecting the server's URL in the fetch function that you'll use inside the client.