I wouldn't suggest using this library/approach. First, read/write in your application directory is begging for trouble. Second, it's using an array lookup instead of an object/map. Third, it's not very flexible.
Alternatively to using Firebae... Self-hosting CockroachDB, FaunaDB, Cloudflare KV+Workers, Azure Storage Tables, DynamoDB and other databases behind an API or Cloudflare Workers are some other options as well for backend storage.
While I do appreciate the approach... I would note that if you're using TypeScript in a supporting editor (VS Code, for example), the initial approach is pretty reasonable.
Another bit worth mentioning... is the F# style pipeline operator proposal, if you're using Babel. [1]
1. https://github.com/tc39/proposal-pipeline-operator
Given the ability to effectively DDoS a server, I'd say it's indeed a threat.
Even in some validation libraries, you'll find some really poor evaluations. For example, doing input validation while typing on an email input field can get pretty nasty, pretty quickly in a couple of the validation frameworks I've used. It was faster/easier to use a simpler validation first, before the more broad validation... (splitting on '@', checking for 2 parts, length and verifying the parts separately), even limiting the length before/after the '@' in practical terms. Of course, this was only a client-side issue... but it's still an issue.
TLDR; Use Promise.all for parallel async operations. const [a, b, c] = await Promise.all([p1, p2, p3]);