Is code obfuscation really useful in javascript?

Question

Recently I have passed to gulp task manager, and I noticed that by default, build task produce .map files. This makes me wonder: is useful to obfuscate code for production deployment? Does it protect my software from being hacked? If yes, should I delete my .map files from there?

Security by obscurity is not a good idea. Soon or later obfuscate code can be de-obfuscate, bad guys have all the time for that while you only have a short period of time to construct your software. — Oscar, Jun 01 '16 at 07:52
No way to protect your webapp from reverse-engineering. Obfuscation is just code-minify tool to decrease download time. — vp_arth, Jun 01 '16 at 07:52

score 7 · Accepted Answer · edited Nov 08 '17 at 12:45

7

Simple obfuscation will not protect your software from being hacked. If you really want to protect your javascript, to add something that will make the life of someone who tries to steal or tamper with your software really difficult, you should check Jscrambler. I have not yet seen any solution that goes even close to the level of protection they enable you to achieve.

As for the source maps question, if you obfuscate yes you should delete them.

edited Nov 08 '17 at 12:45

asherbret

5,439
4
38
58

answered Jun 01 '16 at 09:40

Carl Rck

311
1
7

4

This answer could have done with an explanation of what *exactly* it is that Jscrambler does that you find so effective. – Hashim Aziz Jun 09 '22 at 18:29

score 2 · Answer 2 · edited May 23 '17 at 11:45

2

Javascript obfuscation will not protect your software from being hacked. It is quite easy to write software to un-obfuscate it, or simply use an online tool: http://jsbeautifier.org/

The reason you would want to use Gulp to compress your Javascript would be to make the file size smaller and have less requests to the server. Which makes your site load faster.

To answer your question though: Do not delete your .map files. They are used to reference the "uglified/obfuscated" for debugging. See: https://stackoverflow.com/a/21719713/387761

edited May 23 '17 at 11:45

Community

1
1

answered Jun 01 '16 at 07:52

beingalex

2,416
4
32
71

3

Not all obfuscation and other forms of protection can be un-obfuscated or defeated with jsbeautifier or others of that sort, try to do that with the transformations applied with https://jscrambler.com/en/ It will not work.. – Carl Rck Jun 01 '16 at 09:34

Is code obfuscation really useful in javascript?

2 Answers2