The Python Software Foundation (PSF) has withdrawn its $1.5 million grant proposal to the U.S. National Science Foundation (NSF) due to funding terms forcing a compromise on its commitment to diversity, equity, and inclusion.
The funding would come through NSF’s Safety, Security, and Privacy of Open Source Ecosystems program, an initiative that finances research and development efforts aimed at improving the resilience and trustworthiness of open-source software infrastructure.
The non-profit organization devoted to the Python programming language submitted its proposal in January 2025, hoping to secure financial resources to address security vulnerabilities in Python and the Python Package Index (PyPI).
Specifically, the money would help develop automated malware-detection tools for PyPI package uploads, which have been introducing risks on the platform for the past couple of years.
The same tools would have been ported to other open-source ecosystems like npm and crates.io.
After several months, the NSF approved the funding but imposed restrictive clauses that led PSF’s board members to reconsider and ultimately reject the money.
Specifically, the terms required recipients to affirm that they would not operate programs that “advance or promote diversity, equity, and inclusion (DEI).”
All PSF activities would be impacted by the clause, not just the grant-funded work, and a violation could allow previously approved and transferred funds to be reclaimed, creating a financial risk for the foundation.
The PSF states that DEI is central to its mission and values, and therefore is intrinsically incompatible with NSF funding under the proposed conditions.
“The mission of the Python Software Foundation is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers,” the Python Software Foundation says.
Hence, PSF’s board members have unanimously voted against accepting the funding, proceeding to withdraw their application.
This decision echoes a similar one taken by The Carpentries in June 2025, which had applied under the “Pathways to Enable Open-Source Ecosystems” (POSE) funding program, but which was subject to the same DEI-related restrictions.
In its announcement, the Python Software Foundation underlined that the need for financial support is now greater than ever, calling on people to become PSF members, donate, and sponsor.




