[integralid]

>Was there ever an obfuscated JS code a human couldn't reverse given enough time?

I reverse malware for a living and no there wasn't. With some experience even the best obfuscation is actually pretty easy to defeat. But the goal of malware analysis is to extract some knowledge (what this code does, IPs, URLs, tokens). Getting a runnable, clean version would often be a long tedious work.

[notepad0x90]

couldn't agree more, I do malware analysis too but like you said only as needed and to understand its capability (more Jscript than JS to be honest, except with the rare node malware). Obfuscation has always been a method of slowing down and discouraging analysis, not preventing it entirely. If it takes a week for a dedicated analyst to reverse it enough to clone the capability, and you do two week release sprints, that might be good enough.