Does it make sense to obsfucate Javascript? The only clear benefits I can see are to hide code (albeit non-proprietary in nature since it's client-side) from prying eyes and as a minimizer since often Javascript obsfucators do minimization as well.
I do not think that JavaScript obfuscation is worth the effort for concealment purposes in most general scenarios. However, minification is worth-it, for many reasons, which as you mentioned, has the minor side-effect of obfuscating code as well.
Well, if its not some cutting edge javascript code that should not be easily copied and reproduced, and the script is not too big in bytes, i would not do the bother. Its a bit hassle to do the obfuscating each time you need a deploy, and the benefit is small.
That is, the script is not too big , and code does not to be protected.
(even obfuscation does not really protect your code, just make it abit harder to understand)
I have used the YUI Builder, I find it good for reducing the size of my javascript a great deal. So minimization aspect of the obfuscation is a very useful in itself.
In terms of security, I guess anything you can do to make it harder for malicious user to figure out how your stuff works, the better off you are.
Lastly most obsfuscators will give you warnings or errors when it encounters badly written javascript, and as a whole will improve the quality of your code as well.
So in summary
Cons: You gotta run the obfuscator
Pros:
- Smaller files
- Harder for malicious users to figure out how your stuff works.
- Higher quality javascript (if you listen to the obsfuscator).
I don't think it is worthwhile, because anyone motivated enough to get your code can still get it. As far as minimizing, I don't bother, since gzip mitigates the need for that.
Obfuscating is a side effect of minimizing. Your variables, functions, etc. are renamed to the shortest possible length to save space. Otherwise, minimizers would simply be white space removers.
While definitely possible to tell what your code is doing even if it was obfuscated, it will be much harder to someone "casually" looking at your code.
The Dojo library has a component called ShrinkSafe. It will compress your JavaScript file and will obfuscate the code some. This way, you can keep the originals somewhere and then release only the ones ran through ShrinkSafe.