difference between uglify and obfuscate? Is one more safe?

Connor Leech picture Connor Leech · Feb 27, 2014 · Viewed 12.6k times · Source

Recently I was asked to obfuscate my javascript in order to hide a client's api key. I'm using grunt.

Will grunt-contrib-uglify obfuscate my js?

What's the difference between uglify and obfuscate? Is one much more safe than the other?

Answer

Isaac picture Isaac · Oct 15, 2014

Uglify is a code minification tool. It parses the JS, building a token tree out of the code, which can then be used to either compress/minify the code or 'beautify' it, making it readable for debugging, etc. Uglify will NOT obfuscate your code.

On the other hand, using an obfuscation tool such as Stephen Mathieson's Obfuscator can concatenate multiple project files into one, bundling requires and packaging. In this case it also Uglifies the entire job at the end, resulting in an obfuscated, minified JS file. It's not 100% secure, there are ways to de-obfuscate JS code, but it makes it much more difficult to decipher than flat text.

HOWEVER, I would recommend keeping a client's API key out of browser-side code whenever possible. Even if it is obfuscated, it can still be found