There is this awesome online tool, JSNice, that makes a great job of finding names to obfuscated variables.

We make even obfuscated JavaScript code readable. We will rename variables and parameters to names that we learn from thousands of open source projects. Furthermore, often we are also able to guess or infer type annotations.

I'm specifically looking to unminify a minified JavaScript file. Variable renaming is not a big issue, I want it sufficiently readable to be able to analyze the execution.

Your question title indicates merely reversing minified code, and not necessarily understanding it. But if you are attempting to gain an understanding of it, Opera Dragonfly sounds like a tool you may find very useful...

I have always used Dragonfly for analyzing minified code. In addition to having a pretty printer, it also has incredibly handy analysis functionality.

Here is jQuery.min in all it's minified glory...

The button I circled here is the pretty printer which suddenly turns the code into something like this:

Which is a nice start, but it is still very difficult to understand without some idea of what it looks like during execution.

First you need to determine what part of a minified file's functionality you are trying to understand. Event breakpoints are incredibly handy for this because you can set them for almost any user input, or on an element's load. For example, if I wanted to see what happens in jQuery when a mouseover event occurs, I could add an event breakpoint for "mouseover". That way I can see where the entry point into the code is when I move my mouse over a specific element.

When your code hits a breakpoint, you get into a mode where you can, like in many DOM debuggers, interact with the current state of the code you are inspecting. But you are able to do it by hovering the mouse over sections of code so it's really quite easy to keep the code context in mind.

You can also inspect scope and who references what from the "State" sub-tab in the Scripts tab in the same way as you can with the source window. So you can see if a variable overrides another, or if fancy closure magic is happening somewhere, or what scope a variable actually originated from. Also if you look at a DOM element, you can mouse over that to highlight it on the page. (See last picture.)

The Dragonfly console also has this mouseover functionality... Also everything has tab completion, so you can execute any code from any state, inspect at any level of execution, reassign variables, run tests, or just navigate around with [Tab] completion to do just about anything to figure out what the code you are looking at does.

Opera's inspector will definitely aid in reversing and understanding minified or obfuscated code.

There isn't any real distinction between the two. Even UglifyJS calls itself a minification toolkit.

The distinction could be more relevant when comparing JavaScript minification to CSS minification—CSS minification involves only removing whitespace—the original code remains intact.

With JavaScript, it is possible to not only remove whitespace, but also to make transformations to the code, such as truncating variable names to single characters.

Minifying JavaScript not only makes the source smaller; it also makes the code less readable, or obfuscates it. But do not operate under the assumption that minification or uglification, or whatever you want to call it, is a security measure. It isn't encryption. The code is harder to read, but it is not impossible to read, and while it's not usually possible to return minified code back to its original form, it is possible to 'beautify' it and make it more readable.

It doesn't make sense to both minify and uglify, because most minifiers will both remove whitespace and unnecessary characters, as well as obfuscate the code. All you're doing is introducing another build step.

UglifyJS is a code minification tool. It parses the JavaScript code, building a token tree out of the code, which can then be used to either compress/minify the code or 'beautify' it, making it readable for debugging, etc. UglifyJS will not obfuscate your code.

On the other hand, using an obfuscation tool, such as Stephen Mathieson's Obfuscator, can concatenate multiple project files into one, bundling requires and packaging. In this case, it also uglifies the entire job at the end, resulting in an obfuscated, minified JavaScript file. It's not 100% secure; there are ways to deobfuscate JavaScript code, but it makes it much more difficult to decipher than flat text.

However, I would recommend keeping a client's API key out of browser-side code whenever possible. Even if it is obfuscated, it can still be found.