
Is there a difference between uglify and obfuscate? Is one more safe?


Recently, I was asked to obfuscate my JavaScript code in order to hide a client's API key. I'm using Grunt.

Will grunt-contrib-uglify obfuscate my JavaScript code?

What's the difference between uglify and obfuscate? Is one much more safe than the other?


Solution

UglifyJS is a code minification tool. It parses the JavaScript code, building a token tree out of the code, which can then be used to either compress/minify the code or 'beautify' it, making it readable for debugging, etc. UglifyJS will not obfuscate your code.

On the other hand, using an obfuscation tool, such as Stephen Mathieson's Obfuscator, can concatenate multiple project files into one, bundling requires and packaging. In this case, it also uglifies the entire job at the end, resulting in an obfuscated, minified JavaScript file. It's not 100% secure; there are ways to deobfuscate JavaScript code, but it makes it much more difficult to decipher than flat text.

However, I would recommend keeping a client's API key out of browser-side code whenever possible. Even if it is obfuscated, it can still be found.
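As an added illustration of the answer's last point (not part of the original answer), the Node.js check below can run in a build pipeline after minification or obfuscation and reports whether a secret is still recoverable from the bundle text. The key, the sample bundles and all function names are constructed for this example; it covers plain, `\x`/`\u`-escaped and base64-encoded string literals.

```javascript
// Constructed sample values: the key and bundles below are made up for this example.
const SECRET = 'DEMO-KEY-0123456789abcdef';
const toHex = (s) =>
  [...s].map((c) => '\\x' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
const SAMPLES = {
  minified: 'var a="' + SECRET + '";fetch("/v1/items?key="+a);',
  hexEscaped: 'var _0x1=["' + toHex(SECRET) + '"];fetch("/v1/items?key="+_0x1[0]);',
  base64: 'var k=atob("' + Buffer.from(SECRET).toString('base64') + '");',
  serverSide: 'fetch("/api/items");', // key never shipped to the browser
};

// Undo the \xNN and \uNNNN escapes that obfuscators write into string literals.
function decodeEscapes(text) {
  const fromHex = (_, h) => String.fromCharCode(parseInt(h, 16));
  return text.replace(/\\x([0-9a-fA-F]{2})/g, fromHex).replace(/\\u([0-9a-fA-F]{4})/g, fromHex);
}

// Return every string literal in the bundle, decoded, plus a base64-decoded
// copy of any literal that looks like base64.
function candidateStrings(source) {
  const out = [];
  const literal = /(["'])((?:\\.|(?!\1)[^\\])*)\1/g;
  for (const m of source.matchAll(literal)) {
    const s = decodeEscapes(m[2]);
    out.push(s);
    if (/^[A-Za-z0-9+/]{8,}={0,2}$/.test(s)) {
      out.push(Buffer.from(s, 'base64').toString('latin1'));
    }
  }
  return out;
}

// True when the secret is recoverable from the bundle text alone.
function bundleLeaksSecret(source, secret) {
  return source.includes(secret) ||
    candidateStrings(source).some((s) => s.includes(secret));
}

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name, bundleLeaksSecret(src, SECRET) ? 'LEAK' : 'ok');
}
```

A passing result is a guard, not proof of absence: any key the browser sends is also visible in its network requests, which is why only the `serverSide` sample is actually safe.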