[maxwg]

JS was never really obfuscated - it wasn't the goal of minification. Minifiers especially struggle with ES6 classes/etc, outputting code that is almost human readable.

Proper obfuscation libraries exist, typically at the cost of a pretty notable amount of performance that I'd wager most are not willing to sacrifice

And like even the best of client-side DRM, everything can be reverse engineered. All the code has been downloaded to the user's machine. It's one of the (IMO terrible) excuses for the SaaSification of all software

[integralid]

minification was originally about sending less bytes on the wire and saving a bit of performance. Somewhere along the road people started misusing this for security, because JS evolved from "a few snippets of code to make my site more interactive" to SPAs