Supply chain attack hits npm package with 45,000 weekly downloads

"obfuscated code hidden in the 'dist/index.js' file that was only visible when the user scrolled horizontally"

Malicious intentions aside, surely this is artistic ingenuity