Docker isn't a security fix. It can help stop people from changing things accidentally for sure but I don't think it can completely hide things - though I'm not a Docker expert so I could be wrong.
Another thing you could do would be to compile your code - but then you are moving away from purely using Node-RED. However, node.js does have good support for integration of modules that are partially or fully compiled. So if you could encapsulate some of the logic in a custom node, you could further move the code to a compiled library.
You are going to want to be certain that the effort is worth it though because that is a fairly costly option from a commercial viewpoint.
I would certainly question whether you really do need to hide the code. You could, instead, make a big selling point of using open source code and then focus on service rather than selling logic.
