Are you still hiding if no one is looking?
People aren't reading the code at all—they'd see the weird decoder+eval—and machines can see that and also the private use code points.
Also, it's been public since May 2025 and GitHub/NPM/Microsoft have done nothing.
www.aikido.dev/blog/glasswo...
The Glassworm supply chain attack is back. Researchers uncovered malware hidden in invisible Unicode characters across 150+ GitHub repositories, plus npm packages and VS Code extensions.
