How do I make the source code of the PhoneGap App hidden?

There is no solid way to protect your assets in PhoneGap or Cordova-based apps. For one of my clients I end up implementing special plugin for PhoneGap for Android, which reads my assets from Password-protected ZIP and serve in runtime. Then I get more crazy and implemented custom version of ZIP library and changed headers so none else can decompress my files and blend my password into library itself. And finally I used  Java obfuscator to compile my plugin for Android. At end I spent LOTs of time to just protect assets as my client asked for but still someone with good decompiler and  lots of time to spend can crack this too. Also I don't think this is ideal, because you will end up spending lots of your valuable time building something that is not your product feature. You will create big dependency which requires maintenance to support new versions of PhoneGap or different platforms as well! I bet you can find more ways to protect files in same fashion. Here is another sample: http://oleksiy.pro/2011/09/20/phonegap-application-encryption/ But I don't consider using those methods anymore and I just obfuscate (uglify) my JS/HTML/CSS files using build systems (Either Gulp or Grunt) I use one or more round of JS uglification (Love this name ;) ) to make my JS pretty much different than original and all combined in one file. I minify my HTML and remove all comments and include all external templates (If  I use Angular) within same HTML file. For CSS, I compress and remove un-used CSS files (after compiling less files) and that's it! This way it's hard enough to get access to meaningful source code and it's easy to maintain the build process. Also most of these processes not only secure your assets (kind of!) but also improve your performance since you minify and combine files. Finally, I recommend you to focus on customers who buying your app rather than who is cracking it.

As others have responded the code has to be visible somehow. Otherwise there's no code to run., and it's pure Javascript, not Javascript compiled to bytecode or machine code.The most realistic approach is obfuscation and minimization. Still possible to unravel, and the code still runs of course, but harder to comprehend for a drive-by code stealer.Here's an online variant that does both: https://javascriptobfuscator.com/ (I'm not affiliated and I haven't used it). How well it handles external functions and data I don't know. Obviously it must not affect e.g. calls to plugins.I minimize in cases, but I don't obfuscate.