Oh, and a few more examples just occurred to me:
@_exported import, used by swift-numerics.@inline(__always), used by swift-numerics, swift-collections, swift-atomics, swift-system, etc.
Also, async-http-client uses @inline(__always), but I'm not sure if that counts as first-party.
Now, I'm not blaming the authors of these packages - it is clear that this is a widespread problem, showing a general lack of discipline across the community when it comes to publishing releases making use of unstable language features. But I think developers do and should expect better, especially from first-party packages.
Just to reiterate @Ben_Cohen's point:
If a package, distributed in source form, makes use of underscored keywords or attributes, it is not guaranteed to compile with the next patch/minor/major release of the compiler. The entire package, and any projects which depend on them, become compromised and are subject to the same lack of stability guarantees.
This is a significant danger lurking in the package ecosystem; it undercuts the idea that Swift is source-stable if so many important packages are publishing releases using unstable language features.
Also, it's just poor form. Why are some packages allowed to use these features and claim to be stable, but my packages cannot? They are able to offer better performance, modularity, and nicer APIs than is possible using actual, stable Swift language features.