But I don't like that all my code is out in the open verbatim.
What is a good way to obfuscate it? Preferably some command line tool that I can unleash onto a directory, and it will obfuscate every js file it finds in there, including subdirs.
If you want just scrambled identifiers and minification but to keep it in separate modules (which makes it somewhat easier for the user to understand your source), then use what Webpack uses under the hood - https://www.npmjs.com/package/terser
But don't have big hopes for either. You're just making it slightly harder to read, but a sufficiently determined programmer will have your source very soon anyways.
Don't trust any of the "source encryption" solutions. It takes 5 minutes to take the unencrypted code out of a running JS VM instance, there's even a JS API for it in Node.js.