Overview
- The board voted unanimously to withdraw after the proposal was recommended for funding under NSF’s Safety, Security, and Privacy of Open Source Ecosystems program.
- Grant terms required the foundation to affirm that it would not operate programs that advance or promote DEI; a violation would allow the NSF to reclaim funds already disbursed.
- The unfunded plan aimed to add automated, proactive review of all PyPI uploads using capability analysis derived from known malware, with outputs adaptable to registries like NPM and Crates.io.
- The $1.5 million award would have been unusually large for the organization’s roughly $5–6 million annual budget and 14-person staff.
- The foundation is seeking memberships, donations, and sponsorships to support the work, and groups such as The Carpentries have taken similar steps in response to the same requirements.