This has been brought up quite alot, and there really is no need for me to post anything about it again. But... To clarify some more on the above posts (and give me a perfect excuse to procrastinate a bit on my paper due on friday
Xposed cannot currently (and likely never) be hidden. On older systems this was possible but Google changed something in a security update (november 16, maybe?) and now it can't be done.
The "No Device Check" Xposed module that @Robert342
talks about above can be used to fake a CTS profile response, but that's about it. In the past, Pokemon Go only used the Basic integrity check (so the "No Device Check" module would be useless), but nowadays it also checks for a whole host of other things, like Busybox apps, root hiding apps, etc, and if I remember correctly the Xposed installer as well.
There might be some way of getting things running with PoGo (VirtualXposed, maybe), but I've never bothered to dig deeper into that kind of stuff (and I haven't actually used Xposed since Marshmallow). Too much effort... Would be much easier to just keep an untouched device for playing the game and another for all your rooting and modding needs.
And now for some semantics: It's not Magisk's SafetyNet, it's Google's. The Magisk Manager just uses Google's APIs for making a security check against their servers so you easily can check if MagiskHide is working as it should. And you can actually have the Magisk systemless Xposed module installed and still pass SafetyNet (as @azZA_09
is hinting about above). You'll just have to deactivate it and reboot whenever you need to pass SafetyNet and then reactivate it and reboot when you're done...