How to protect the Apps Script code in a Google spreadsheet?

Short Answer

Publish your script as an editor add-on or as a Google Workspace add-on. Bear in mind that you could make it private, by selecting unlisted or making it available only for your G Suite / Google Workspace organization.

Explanation

Add-ons were added on 2014. This is better than using a library because there will be nothing shared from your add-on.

Please note that

• it's not possible to access Google Apps Script server-side code by using Chrome Developer Tools or another similar software.
• there are some restrictions for add-ons, study them carefully as maybe this alternative will not work for you.
• nowadays add-ons require a Google Cloud Project and an oAuth consent screen. If the add-on will be shared with external users it will requires an oAuth verification and an app review.

If publishing as add-on is not an option for you, you should rethink your solution considering the use of a web application, using the Apps Script API or the Google Sheets API.

References

• Get code from my google spreadsheet addon after publishing
• Google Apps Script Add-On Source Code/Security
• Build add-ons for Google Docs and Sheets
• Develop Add-ons for Google Sheets, Docs, Slides, Forms, and Gmail
• Developing Add-ons for G Suite G+ Community

Make a special library file containing only the script for your client. Your client must have at least a read-level access. So he is able to see your script. Remove your script and make a new innocent script in that file and save this as a new version. Now your client sees only this new script. Because his application is still working on the old version of your library, the original script will do his job as usual.

make use of Library the documentation explains how to use it and there are a few interesting post on the subject as well