Added a verification step to prevent this in Rust code with our cargo-deny tool. https://github.com/EmbarkStudios/cargo-deny/pull/80

We run this in GitHub Actions for all of our Rust repos, primarily to prevent banned or duplicate dependencies and approved licenses. But also works for verifying the sources of crates to prevent this specific issue now