Overview
- The PSF board voted unanimously on October 27 to withdraw after award terms barred operating any programs that “advance or promote” DEI across the organization.
- The terms extended beyond the proposed project and permitted the NSF to claw back previously disbursed funds, which the PSF called an open‑ended financial risk.
- The unfunded project would have built automated, proactive review for all PyPI uploads using capability analysis from known‑malware datasets, with outputs transferable to NPM and Crates.io.
- The PSF, which operates on roughly a $5 million annual budget with a staff of 14, said losing $1.5 million over two years heightens its short‑term fundraising needs.
- Other groups have made similar choices, with The Carpentries withdrawing in June over the same language, signaling wider effects on NSF‑supported open‑source work.