difference between uglify and obfuscate? Is one more safe?
https://stackoverflow.com//questions/22070512
-
23-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Recently I was asked to obfuscate my javascript in order to hide a client's api key. I'm using grunt.
Will grunt-contrib-uglify obfuscate my js?
What's the difference between uglify and obfuscate? Is one much more safe than the other?
Solution
Uglify is a code minification tool. It parses the JS, building a token tree out of the code, which can then be used to either compress/minify the code or 'beautify' it, making it readable for debugging, etc. Uglify will NOT obfuscate your code.
On the other hand, using an obfuscation tool such as Stephen Mathieson's Obfuscator can concatenate multiple project files into one, bundling requires and packaging. In this case it also Uglifies the entire job at the end, resulting in an obfuscated, minified JS file. It's not 100% secure, there are ways to de-obfuscate JS code, but it makes it much more difficult to decipher than flat text.
HOWEVER, I would recommend keeping a client's API key out of browser-side code whenever possible. Even if it is obfuscated, it can still be found
