`sha-rst` was removed from crates.io for malicious code
This crate was used as a dependency by finch_cli_rust and finch-rst and contained a malware payload to exfiltrate credentials. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 22 times. Other than the other crates above that were part of the attack, no other crates depedended on this crate. Thanks to Matthias Zepper of NGI Sweden for reporting this to the crates.io team!