Is it safe to leave private information such as API keys in javascript in WordPress?

I added a media button in WordPress editor, just like the code add_action(‘media_buttons’, ‘add_my_media_button’); function add_my_media_button() { echo ‘

How do I hide API key in create-react-app?

I made a weather app in create-react-app. How do I hide the API key so that I can commit to GitHub? Right now the key is in App.js: const API_KEY = “123456”;