Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

from what i undersand, minification just involves removing line breaks and tabs and can be un-minified fairly easily with tools such as https://beautifier.io/. obfuscation involves techniques such as changing function/variable names from human-readable to human-unreadable, changing certain strings to concated variations of themselves, base64 encoded, or other similar transformations.

e.g. original code:

function NewObject()

{

var mainApiUrl="https://google.com";

}

minified code:

function NewObject(){var mainApiUrl="https://google.com";}

obfuscated code:

var _0x8275=["\x68\x74\x74\x70\x73\x3A\x2F\x2F\x67\x6F\x6F\x67\x6C\x65\x2E\x63\x6F\x6D"];function ahyt56(){var _0xb40bx2=_0x8275[0]}



Minifiers also reduce variable and function names to a minimal size, one character wherever possible. They do other things too... such as remove semicolons that are not needed (not in general possible, especially if you've gotten rid of line breaks, but can be done in the last statement of a block or function, for example.) The idea is to optimize for bits sent over the wire.

function a(){var b="https://google.com"}

That's why it's difficult to read minified code even if it's not obfuscated to the further extent that you sometimes see in attack payloads.


They usually also reduce variable and function names to single letters, or as short a unique sequence as possible. E.g.,

  function a(){var b="https://google.com";}




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: