Probably worth looking at xterm.js[1] for a more fully featured terminal client for browser usage. It's the core of what's used in VS Code's terminal tab as well as Tabby and other terminal apps.
1. http://xtermjs.org/
You would need to update the target domain to return appropriate CORS headers, allowing your resource domain, there's nothing you can do from the client. If you don't control the resource domain, you will need to setup a reverse proxy.
I've generally used Caddy in a Docker container to serve static app resources and revere proxy an /api route as needed. Most web frameworks will have the option to do the same for while you're in watch/dev mode.
Mentions Node's Buffer, but no mention on converting strings to/from Uint8Array (typed array) to/from base64. The inverse methods should also be present or linked.
I think actually running tests would be more appropriate than simply making declarations. SQLite's locking mechanism will synchronize a lot of activity anyway.
What you probably should do, if there's lots of other things going on, if you're using SQLite with Node.js, is segment your database requests into a separate worker. This is going to be regardless of the SQL library you choose.
Beyond this, I'm not a fan of ORMs in scripted languages anyway. It adds a lot of overhead for almost no real value.
Been playing with this for a while. I setup a github project that will build via Lume and publish to Cloudfare Pages in about an hour. The setup is relatively easy, I'd say it's a bit nicer than Jekyll and others I've tried.