@dunlix either way, if you don't have a config.json, it starts the web installer:
Unsolved Can NODEBB encrypt the password in browser?Make the password not displayed in clear text
There's no way to hide a password completely from the browser. Any extra encryption would depend on https to be delivered to the client anyways, so it wouldn't really add any security.
If you go to pretty much any login form on any website, you'll see the same thing. The password in in plain text in the request, but the request in encrypted with tls when sent over the wire, assuming your site is served over https.
The only way someone would have access to this is if they can also see what you are typing- so basically if they are looking over your shoulder. I don’t think think it would be much of a problem unless you are hacked, in which case the hacker can just install a key logger to also see your password.
@pitaj is correct, there is no point in adding additional client-side encryption, because of the simple fact that you cannot trust what happens client-side.
So the only thing you can do is encrypt the payload over-the-wire, which is exactly what https is doing.