If it's a web app and it makes API requests it might be pretty hard to make cross-domain web requests. So if your app is naturally complicated enough this isn't an issue.
If it's like a javascript web game without much of a server component, you could try to hide a lot of the execution of the code within in a closure. dynamically loading the code with a script would add to this obfuscation.
in the end you are probably fine.
one final bit of obfuscation that i have always wanted to try was to load the JS via a web-socket on a worker process. that should even hide a lot of the js file being loaded.
if you needed to go farther some people have even done some degree of encryption. again all of this is probably way more than you need. I've never worried about this. if someone has the time to steal your code and work with it you should probably hire them or go have coffee with them and ask for feedback.
it's a great honor for someone to read and interact with your code.
If it's like a javascript web game without much of a server component, you could try to hide a lot of the execution of the code within in a closure. dynamically loading the code with a script would add to this obfuscation.
in the end you are probably fine.
one final bit of obfuscation that i have always wanted to try was to load the JS via a web-socket on a worker process. that should even hide a lot of the js file being loaded.
if you needed to go farther some people have even done some degree of encryption. again all of this is probably way more than you need. I've never worried about this. if someone has the time to steal your code and work with it you should probably hire them or go have coffee with them and ask for feedback.
it's a great honor for someone to read and interact with your code.