Let me get this straight. Passwords, including the password of a domain admin, are hardcoded as plain text in client side JavaScript files. Surely, I must be reading this wrong?
Reading it wrong. Any application needs to use secrets, it's up to the developer to pass them in properly. For example, you can use environmental variables, command line args when running the process, or a config file. This isn't a client-side library.
Yeah you're reading it wrong. This is for node so it'd never be client side, and I'm sure the pw examples are in plaintext just for simplicity in the README.