Google APIs: How to manage client credentials in a NodeJS app that's supposed to run locally?

Question

So I made that tool to run some data fetching around and produce a csv file as a result. I've been experimenting with integrating that to Google Sheets to create a spreadsheet with formatting and all, instead of a sad csv file.

That's cool and all, but I'm facing an issue where I'm not sure what authentication method makes the more sense here. This app, or script really, is like a CLI tool and is running locally, so I can't keep any secret in there. When running this kind of app, the doco and research I've done seem to indicate the best way is to use the OAuth 2.0 for desktop app way. Which also makes sense but...

It uses a json file with client credentials in it. How to manage that in this kind of app? I can't just have this json file or its content in the code base. The doco and research I've done don't help that much because Node is more used for server-side jobs and explain stuff in that context, but I would know how to manage credentials in this case. But the problem would be the same with Python or anything else. How do CLI tools manage OAuth flow, and especially, how do they manage client credentials? How do you manage credentials in code you'll be distributing?