Ehm....
I'll be more explicit.
I believe you found a false positive.
tag-lib.js uses javascript encryption to make the size smaller; this is called "compression". Even though some trojans use this technique, it does not inherently mean a security issue. In this case, the tag-lib.js file does not contain any trojan and is meant to be that way.
If you still feel uncomfortable, you can of course delete that file - it is only required for a specific feature of the Xinha WYSIWYG editing component ("QuickTags").