Overview
- The PSF board voted unanimously to withdraw its proposal after it was recommended for funding under NSF’s Safety, Security, and Privacy of Open Source Ecosystems program.
- Grant terms required recipients to affirm they would not operate any programs that advance or promote DEI during the award period, with the restriction applying to all PSF activities.
- A clawback clause allowing retrieval of previously disbursed funds created open-ended financial risk that the foundation deemed unacceptable.
- The rejected project would have built automated, proactive malware-review tools for all PyPI uploads, with outputs designed to be transferable to registries such as NPM and Crates.io.
- The PSF, a nonprofit with an annual budget of roughly $5–6 million, says the $1.5 million would have been its largest grant and is now seeking donations and sponsorships. Similar DEI-related concerns led The Carpentries to withdraw earlier, and NSF staff sent automated shutdown replies to media inquiries.