Severity: Critical
CVSS Score: 10
This attempts to typosquat the existing crate [`finch_cli`](https://crates.io/crates/finch_cli) to steal credentials from local files. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 18 times. There were no crates depending on this crate on crates.io. Thanks to Matthias Zepper of [NGI Sweden](https://ngisweden.scilifelab.se/) for reporting this to the crates.io team!