This makes sense given how much of the current AI ecosystem is built on top of Python. I hope this helps the foundation improve security for everyone who relies on these libraries.
For anyone who isn’t aware/remembering, this is certainly made with the security of PyPi in mind, python’s main package repository.
NPM is the other major source of issues (congrats for now, `cargo`!), and TIL that NPM is A) a for-profit startup (??) and B) acquired by Microsoft (????). In that light, this gift seems even more important, as it may help ensure that relative funding differences going forward don’t make PyPi an outsized target!
(Also makes me wonder if they still have a Microsoft employee running the PSF… always thought that was odd.)
AFAIU the actual PSF development team is pretty small and focused on CPython (aka language internals), so I’m curious how $750,000/year changes that in the short term…
EDIT: there’s a link below with a ton more info. This gift augments existing gifts from Amazon, Google, Microsoft, and Citi, and they soft-commit to a cause:
Planned projects include creating new tools for automated proactive review of all packages uploaded to PyPI, improving on the current process of reactive-only review. We intend to create a new dataset of known malware that will allow us to design these novel tools, relying on capability analysis.
> (Also makes me wonder if they still have a Microsoft employee running the PSF… always thought that was odd.)
You might be confusing the Python Steering Council - responsible for leadership of Python language development - with the PSF non-profit there.
The PSF is lead by a full-time executive director who has no other affiliation, plus an elected board of unpaid volunteer directors (I'm one of them).
Microsoft employees occasionally get voted into the board, but there is a rule to make sure a single company doesn't have more than 2 representatives on the board at any one time,
The board also elects a chair/president - previously that was Dawn Wages who worked at Microsoft for part of that time (until March 2025 - Dawn was chair up to October), today it's Jannis Leidel from Anaconda.
Meanwhile the Python steering council is entirely separate from the PSF leadership, with their own election mechanism voted on by Python core contributors. They have five members, none of whom currently work for Microsoft (but there have been Microsoft employees in the past.)
Wow, I didn't know you got a spot on the board, that's a great choice on their part! Thanks for giving your time.
Yes, I was talking about Wages -- the day-to-day is surely complex, but I'm sure you'd agree that the president of the board is ultimately "above" the chief executive if push ever came to shove, at least on paper. I will grant that I used "running", which is quite unclear in hindsight! "Responsible for" or "leading" seems more accurate.
She seemed great as policymaker and person, but when I last checked her job was literally to be Microsoft's Python community liason, and that just struck me as... dangerous? On the nose? Giving the reigns to someone from a for-profit, $1.5B corporation whose entire business depends directly upon the PSF's work also seems like an odd choice. Again, I'm sure they're great as an individual, and during normal operations there's no competing interests so it's fine. It's just...
I guess I just have a vision for the non-profit org guiding the world's most popular programming language that doesn't really mesh with the reality of open source funding as it exists today, at the end of the day; the "no 2 representatives from the same company" rule seems like a comforting sign that they(/y'all!) share that general philosophy despite the circumstances.
Us board members voted to put Dawn in that position.
The position doesn't have much additional power at all - the chair spends a little more time with the executive director and gets to set the agenda for the board meetings, but board actions still require a vote from the board.
If we felt like an employee of a specific company was abusing their position on the PSF board we would take steps to address that. Thankfully I've seen no evidence of that from anyone during my time on the board.
If anything it's the opposite: board members are very good about abstaining from votes that their employer might have an interest in.
> I'm sure you'd agree that the president of the board is ultimately "above" the chief executive if push ever came to shove, at least on paper.
That is not true of the PSF, nor of many (most?) other US nonprofits. Not on paper, and not practically speaking. The director reports to the board, but officers have little to no unitary power. You can go read the PSF’s bylaws if you like, and if you do you’ll see that officers, including the president, can do very little without a board vote. And because of aforementioned policy, that’s a max of two votes from people employed by a single company.
Also, like, do you know anything about Dawn? She’s been serving the Python community waaaay longer than she’s worked for Microsoft. Questioning her ethics based on absolutely nothing is unfounded and, honestly, pretty fucked up.
There’s this pernicious lie that Microsoft is somehow controlling the PSF. It’s based on about as much evidence as there is for Flat Earth, yet here it is again. At best, repeating this lie reflects profound ignorance about how the PSF actually functions; at worst it seems like some kind of weird disinfo campaign against one of the most important nonprofits in open source.
Nodding along with everything you wrote here, but one minor point for anyone who might read the bylaws and get confused. https://www.python.org/psf/bylaws/
> Section 5.15. Limits on Co-affiliation of Board Members. No more than one quarter (1/4) of the members of the Board of Directors may share a common affiliation as defined in Section 5.14.
The PSF allows three board members to share an affiliation, 13 seats * 0.25 ~= 3.25.
BTH, that's one too many, and I helped write/recommend the original language. When I was on the board, three felt like too many, even though everyone was wonderful, and it was Google, not Microsoft, that hit the limit.
The DSF (Django Software Foundation) recently adopted a two-person limit, which I recommend more boards consider.
A) I'm assuming you meant "TBH", but please correct me if I have an acronym to learn.
B) Hacker news is crazy -- I didn't expect to spawn a thread that would get responses from actual board members, ex- or otherwise! I'd like to take a brief moment deep down into this thread to echo what I said to Simon above: thanks for giving your valuable time to help grow the best programming language & community to ever exist :)
...ok I guess I grant that technically the leader of the board is not the board itself, but that feels a bit pedantic. A prime minister/speaker of the house/etc. isn't the unitary executive of that chamber wielding absolute power, but they are still obviously the leader.
I assume you have more experience than me in corporate governance, but this is such a fundamental truth that I've just gotta stick to my guns. The executives serve at the pleasure of the board. That's what the board is.
Also, like, do you know anything about Dawn? She’s been serving the Python community waaaay longer than she’s worked for Microsoft. Questioning her ethics based on absolutely nothing is unfounded and, honestly, pretty fucked up.
Well, besides the compliments I paid her above, no I do not. I don't think you're right to be offended at the implication that anyone could be coerced into putting their 6-figure job ahead of the non-profit they serve in the right circumstances, but TBH the worry of unconscious bias is just as real and doesn't require any ethical breaches.
There’s this pernicious lie that Microsoft is somehow controlling the PSF. It’s based on about as much evidence as there is for Flat Earth, yet here it is again.
As I said above: I don't think there's evidence of any significant conflicts of interest so far, either from Microsoft, Anaconda, or any other firm. That said, I hope I can at least convince you that comparing concerns about corruption to a belief in a trivially-false scientific claim is going too far:
The fact of the matter is that the senior-most member of an important non-profit was/is employed in a lucrative, full-time, relatively open-ended role by a firm whose profits depend directly on the work of that non-profit. There's no accusations in that statement, and thus no room for it to be written off as a conspiracy theory.
In terms of why it matters: wouldn't it at least deserve a raised eyebrow if, say...
- The chair of the WHO was employed by J&J?
- The chair of the ACLU was employed by a political party?
- The chair of Make-A-Wish was employed by a Hollywood agency?
Microsoft was serious about supporting Python as far back as 2006, because IronPython was a real effort in Redmond. (I'm wondering how they think of it now.)
I must be the only one in here who thinks $1.5M is a small sum compared to Anthropic's size and the amount of value they have gotten out of Python. Good press is cheaper than I thought.
Every single financial institution on Wall Street, the City of London, Amsterdam, Tokyo, Dubai and so on, uses Python. Very few contribute.
I've worked at a few that use the 'mold' linker to dramatically reduce their build times. Again, very few contribute. In this particular case, I managed to get one former employer to make a donation.
Money has limited impact and has all sorts of drawbacks.
A more impactful change from firms might be to celebrate and reward community contributions of their own employees. This can establish a more productive culture than just money. If an engineering company is willing to donate money (yay!), perhaps consider making sure that employees are celebrated for contributions they make in a manner that is similar to how we currently celebrate monetary transactions.
It may not be enough, but I think it'd be more appropriate/constructive to point to other companies benefiting from Python that have never contributed, rather than saying one that contributed didn't do enough.
that was my first thought too, $1.5M is peanuts for Anthropic, however $1.5M is better than nothing, so it worth some PR too. Good they do, I think we have to encourage companies to do it, shaming will not help.
Businesses should definitely support the open source projects that they use. I'm still astounded that professional developers seem so adverse to paying for the tools and libraries that they use to make their own money.
Is it so hard to imagine that they do it because the PSF's work is important and they want to support them? All the AI labs depend hugely on the Python ecosystem and infrastructure. Startups burning cash spend on many things that are important to them.
They are heavily focused on code. Claude Code likely generates 100 of millions lines of Python a day, make the language a little bit better with $1.5M is extremely high leverage.
And if this money improves PyPI security (part of the focus), that reduces the chance of Claude Code adding malicious packages to a code base (a well publicized case of this could be a big PR headache for Anthropic). This donation is likely much better leverage than trying to somehow add mitigation at the Claude Code level.
The donation is earmarked for security concerns, ie. improving PyPI from a security perspective to prevent/mitigate supply chain attacks, etc. This means a more healthy Python ecosystem, which also benefits their products which are utilizing said ecosystem likely more than any other.
Poor management has played a role. They refused to invest in packaging to the extent that a separate company (astral) had to do it for them. Bugs closed for years with the excuse “we’re only volunteers.” Meanwhile, “outreach” was funded for several million a year. Not confidence inspiring. Maybe would have improved if the funds had been spent more appropriately.
Where are you getting these numbers? Looking at the PSFs Report for 2024 [0], 50% of their expenses went to pycon. Would you consider that outreach? I believe conferences are very important as part of the health of a language, and reading the definition of outreach[1], I would not classify the conference as that. The second highest amount of expenses (27.1%) went to (surprise!) "Packaging Work Group/Infrastructure/Other", i.e. pypi, pip etc... "Outreach & Education" was only 2.8% of 12.9% of expenses, i.e. 0.3612%, which is $17846 (actual dollars, not thousands like in the report.)
The assertions above are my memory from pre-covid, I’d look at 2019 and before perhaps. Many things changed after that (and council too) but it takes a while to change perception.
In 2019 [0] they only had 2.5 million of total expenses, of which 75% was pycon. So even if everything else was on "outreach" (it was not), that would only be $642,500, which is not "several million a year".
In 2020 [1] 48.1% went to "Packaging Work Group/Infrastructure/Other" (I assume because in person pycon was canceled).
I also checked 2021 [2], which was 32.7% pycon and 31.2% pip etc...
Also 2022 [3], 57.8% pycon, 26.6% Packaging Work Group...
In 2023 [4], 60.5% pycon, and Packaging Work Group expenses decreased to 9.6% because of fastly now provides the bandwidth/hosting: "We are grateful to Fastly for making the online services that the PSF provides possible, so that we can
invest time and resources into advancing our infrastructure to better meet community wants and needs."
I have looked at 2018-2016, where the expenses are almost completely the main pycon and more local pycons. Also sponserships like "Pallets group, which maintains projects such as Flask and Jinja" (2018). Everything other than the main pycon is less than 1 million dollars combined in expenses.
I feel it is important to look at the facts, not just vibes.
Those are "fiscal sponsorships" meaning the PSF holds money for other organizations. The PSF is not funding Pallets (or Boston Python or North Bay Python, etc, etc). They accept money earmarked for those organizations and provide administrative support. Details: https://www.python.org/psf/fiscal-sponsorees/
A portion of pycon expenses are spent on outreach and teaching during the event. Arguably all of pycon is outreach. There are dedicated grants, aid, support as well. The 2019 PDF breakdown doesn't seem to be available any longer.
As we all know, Astral stepped in and solved the problem for them. I moved to their tools as soon as was possible. And not simply because they were fast, but because they work.
> They refused to invest in packaging to the extent that a separate company (astral) had to do it for them
uv didn't just happen in a vacuum, there has been lots of investment in the Python packaging ecosystem that has enabled it (and other tools) to try and improve the shortcomings of Python and packaging.
There's PEP 518 [1] for build requirements, PEP 600 [2] for manylinux wheels, PEP 621 [3] for pyproject.toml, PEP 656 [4] for musl wheels platform identifiers, PEP 723 [5] for inline script metadata.
Without all this uv wouldn't be a thing and we would be stuck with pip and setuptools or a bunch of more bandaid hacks on top making the whole thing brittle.
Obviously, but writing PEPs is not enough. Read through the comments under any Python thread here from the late 2010s to early 2020s. Just ~two years ago you couldn't talk about anything Python-related without discussion veering far offtopic to complain about packaging.
That's the thing, you don't have to :) While I think uv is a great tool and highly recommend it, you are more than welcome to use any of the other build backends or package management tools that fit your workstyle. By having these packaging PEPs (amongst) others, the ecosystem has been able to try out different approaches and most likely over time will consolidate on specific ones that work better than the others.
Anecdata, but uv served as a very good packaging mechanism for a Python library I had to throw on an in extremis box, one that is not connected to the Internet in any way, and one where messing with the system Python was verboten and Docker was a four-letter word.
I don't know much about the Linux Foundation if I'm being honest, even though I've been a 24/7 Linux user for decades, but they seemingly don't have the same image in the ecosystem, at least not close to how people see Mozilla today.
Why is that? Is there lessons to be learned from the Linux Foundation how to actually effectively and responsibly manage that sort of money, in those types of projects?
The Linux foundation is not a nonprofit. It is registered as a 501c6, basically a business consortium, unlike the Python software foundation which is a nonprofit (501c3).
The Linux foundation also stewards way more foundations and projects that just "Linux". They are, among other things, in the business of creating foundations and making money that way. For every organization under the Linux foundation, say the CNCF, to be a part of those subprojects, you need to pay a Linux foundation tax.
The Python Software foundation I don't know much about but their scope seems to be only stewarding python. They seem to have far less corporate outreach then the Linux foundation.
Linux Foundation 990 - note page 16-17 with the salaries - there are for profit entity salaries, not nonprofit salaries.
I'm not sure what you are labeling as pet projects of leadership? Is there something the PSF is doing that you consider a pet project rather than part of their core mission?
I'm not sure how you got to "before" here. The PSF runs PyPI, organizes the Python Packaging Authority, supports sprints and standardization efforts, funds developers in residence and so on. Packaging is improving, partly because of those efforts. It's not an either/or.
> CPython core developer Paul Moore described his involvement in the
> packaging community and said: “it’s struggling under the weight of its own
> popularity … the individuals involved are doing their best under what are
> frankly near-impossible conditions.”
> Moore questioned whether the fact that so many businesses now depend on
> Python and PyPI meant that “maybe a purely volunteer basis simply can’t
> work any more,” though he hoped this is not the case.
Yes, it could use more funding. Glad to see that Anthropic is helping. It's still not an either/or situation. The PSF would not be fulfilling their mission if they only funded packaging until packaging was "solved" (whatever that might mean) and only then did they fund outreach.
I didn't say either/or, and was talking about priorities. One shouldn't install a fancy roof when the foundation is crumbling.
> The PSF would not be fulfilling their mission if they only funded packaging until packaging was "solved" (whatever that might mean) and only then did they fund outreach.
They did the opposite. So they still didn't fulfill it, to the extent that Mozilla, ChanZuck, and astral felt compelled to step in.
As far as I'm aware, Python was only recently (2020s) taught in most schools, so that's the reason it wasn't and isn't well funded. Schools will stick with legacy languages far beyond their market lifetimes, as that is what the instructors know best. So it's not that it isn't well funded, it's that it's still early in terms of global popularity. As we just witnessed, the funding is just now coming in big drops.
It happened quite a while back, most of us knew what direction this was going (Claude Code uses Bun, OpenCode uses Bun, they need Bun to work the best for Claude Code)
My wife's previous job was as an accountant with the endowment foundation at a mid-sized public university (San Jose State University). A lot of her time was spent making sure that the spending from the endowments many different funds corresponded to the rules that the donors had given when donating that money. Much of that was working with groups to shift spending around between accounts when they invariably made "mistakes".
One of her biggest projects was shepherding a large group of very old donations through a legal process to remove provisions in the donation agreements that were now illegal. In these cases the donors were long deceased, and the most common rule that needed to be changed was targeting race or ethnicity (e.g.: funds setup to help black people, or Irish, etc...).
The sheer number of different variations on "donor intent", or even just the wording on that legal document was astounding. There was always a tension between my wife's group and the group that was bringing in the money ("stewardship"), her group wanted things to be simpler and the "stewarding" group wanted nothing to get in the way of donations. It was remarkably similar to the tensions between sales and engineering in many software firms.
Hello! PSF staffer/author of the linked post here. To be explicit, the Anthropic donation is actually "no strings attached," or in non-profit parlance "unrestricted," but with a handshake agreement that they hope to improve security with this sponsorship. So the gift will enable us to do security work we've wanted to do and it is our intention to do that, but Anthropic didn't formally earmark the money, which gives us a great deal more flexibility plus a lower accounting burden, and I'm personally very grateful for that.
Of course you can. The vast majority of donations of this magnitude come with strings attached, be it how the money is spent, access to leadership/events, etc
It's super common with non-profits. Obviously they would prefer no strings attached but some light strings are usually not a problem for most non-profits.
And they come in a variety of bindingness. I didn’t notice any details in this link which makes me think this is mostly a handshake deal, but it wouldn’t be at all unusual for there to be some auditing mechanisms on a quarterly/yearly cycle.
For example, Wikimedia just recently claimed that they can’t chase some political project that critics wanted them to because most of their funds are earmarked-for/invested-in specific projects. So it does happen with US-based tech non-profits to at least some extent.
The vast majority of donations to, say, universities are made with a specific purpose, and that happens with a lot of non-profits too. The recipient doesn't have to accept the donation, of course, but if they do they track exactly how it was spent.
Maybe I'm the only one realizing it's exactly the same amount they were due to receive from the US Govt until the Trump administration said they were too woke.
Kinda crazy that the top level "Visionary Sponsor" is a donation level of $160k. There's also 0 sponsors at the $100k level. I was also surprised to see Netflix at $5k and Jane Street at $17k. Maybe they should give more but there's a lot of names absent and that says more
Seems like a good time to throw out a reminder regarding "Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure" by Nadia Asparouhova. While she may have published it in 2016, it's still relevant today and speaks to the need for the private sector generally (looking at you VC firms) to support and understand the open source work, hours of unfunded labor, powering our societies.
Really simple fix: social pressure and expectations should be that every company that uses open source pays a fixed amount of their revenue (is 0.1% low enough to be negligible for the companies). Companies that don't should shunned.
The problem is, people who make that decision can either spend 0.1% to support open source and get return on investment in terms of better business performance in 2-3 business years. Or they could pay themselves 0.1% in bonuses right now and get an immediate return.
To a large extent they do and always have. It's not as broad or fair as it should be[1], but for almost any economically important project all the major contributors and maintainers are on the payroll of one of the big tech interests or a foundation funded by them.
The hippies writing that software may not be compensated at the level you'd expect given the value they provide, but they'll never go hungry.
[1] LLVM and Linux get more cash than they can spend. GNU stuff is comparatively impoverished because everyone assumes they'd do it for free anyway. Stuff that ships on a Canonical desktop or RHEL default install gets lots of cash but community favorites like KDE need to make their own way, etc... Also just to be clear: node is filled with povertyware and you should be extremely careful what you grab from npm.
> but for almost any economically important project all the major contributors and maintainers are on the payroll of one of the big tech interests or a foundation funded by them.
"almost" is the load bearing word here, and/or a weasel word. Define what an "economically important project" is.
> Also just to be clear: node is filled with povertyware and you should be extremely careful what you grab from npm.
Is "povertyware" what we call software written by people and released for free now?
> "almost" is the load bearing word here, and/or a weasel word. Define what an "economically important project" is.
Linux, clang, python, react, blink, v8, openssl... You know what I mean. I stand by what I said. Do you have a counterexample you think is clearly unfunded? They exist[1], but they're rare.
> Is "povertyware" what we call software written by people and released for free now?
It's software subject to economic coercion owing to the lack of means of its maintainership. It's 100% fine for you to write and release software for free, but if a third party bets their own product on it they're subject to an attack where I hand you $7M to look the other way while I borrow your shell.
[1] The xz-utils attack is the flag bearer for this kind of messup, obviously.
Unfunded is kind of a stretch, but at least libxml2.
Essentially "povertyware" as you call it when you consider the trillion dollar companies built on top of them? Now that's way easier: SQLite, PostgreSQL, ffmpeg, imagemagick, numpy, pandas, GTK, curl, zlib, libpng, zxing or any other popular qr/barcode library, etc...
> Linux, clang, python, react, blink, v8, openssl... You know what I mean. I stand by what I said. Do you have a counterexample you think is clearly unfunded? They exist[1], but they're rare.
For Linux "all the major contributors and maintainers are on the payroll of one of the big tech interests or a foundation funded by them" is simply not true. It's trivial to prove this by just looking at the maintainers of the subsystems. Making this claim is nonsense to begin with.
Same is true for several major contributors to the Python compiler and subsequent libraries as well.
You will move the goalpost by trying to narrow down what "major contributor" means.
> It's software subject to economic coercion owing to the lack of means of its maintainership. It's 100% fine for you to write and release software for free, but if a third party bets their own product on it they're subject to an attack where I hand you $7M to look the other way while I borrow your shell.
So without knowing anyone you are making a value judgement on the (probable?) lack of ethics? Excuse me?
> Who exactly are you thinking of that needs a job but doesn't have one?
That is not your claim. Your claim is that they "are on the payroll of one of the big tech interests or a foundation funded by them". Which is simply not true.
You can easily find several maintainers of these projects doing this as their part-time hobby project, have cut a deal at work or simply don't work at place that funds Linux development.
I'm not going to call out individual I know the situation and/or their employment history.
> LLVM and Linux get more cash than they can spend. GNU stuff is comparatively impoverished because everyone assumes they'd do it for free anyway. Stuff that ships on a Canonical desktop or RHEL default install gets lots of cash but community favorites like KDE need to make their own way, etc... Also just to be clear: node is filled with povertyware and you should be extremely careful what you grab from npm.
This is often the problem with charity in general. It's hard to find good organizations that actually need your money. Great ones self-sustain on their own revenue. Good ones are saturated with donations from their own users. There's just a small sliver of projects that are awesome, and could productively use financial support. From personal experience, identifying these is often far more costly than the act of writing a check.
Internal forecasts indicate Anthropic’s annualized revenue run-rate could be between about $20 billion and $26 billion in 2026. Let's shoot for the middle, $23 billion
According to multiple articles, Anthropic expects to reduce its cash burn to around one-third of revenue in 2026.
This implies total spending is roughly revenue + cash burn ≈ $23 billion + $7.7 billion ≈ $30.7 billion
When you divide the total spending to the length of the whole year, $1.5 million would sustain Anthropic for roughly 0.43 hours, or about 26 minutes.
It does seem small at Anthropic scale. But instead of faulting them for contributing "so little", maybe we can point to the thousands of large companies that are doing nothing.
Just recently I heard that they can donate to “typed languages” too, a donation to one language does’t preclude other donations, and given their cash injections they have a few $1.5m’s to spare.
For any programming really, but I think Python got big due to
a) the huge influx of beginners into IT,
b) lots of intro material available in Python and
c) having a simple way to run your script and get feedback (same as PHP)
I say that as someone urging people to look beyond Python when they master the basics of programming.
Python has a terseness that is hard to rival. I think that was a major selling point: its constructs and use of whitespace mean that a valid Python program looks pretty close to the pseudo-code one might write to reason out the problem before writing it in another language.
Python doesn't require you to understand monads to write useful Python.
To be clear: Haskell is great, but its entire vibe (lazy evaluation, pure functions) is entirely different from what Python's about. Someone who knows C++ or Java has a much bigger gap to jump to pick up Haskell than to pick up Python.
> Someone who knows C++ or Java has a much bigger gap to jump to pick up Haskell than to pick up Python.
True, they are all imperative c-style languages.
> Python doesn't require you to understand monads to write useful Python.
If that is the concern I would recommend anyone interested to dabble with F#. Part of its design philosophy is to keep the complexity out wrt type systems. It offers a vast vetted library¹, better dependency management², it is truly multi-paradigm (imperative, functional and oop), vastly better performance, and it is strongly typed without requiring type annotations³.
I know I am not going to sell it to monogamous devs, but those that are open minded should give it a try.
___
¹ This is something people will start to appreciate once they get serious about the risk of supply chain attacks.
² Python developers feel they are doing fine with pip or uv, at least in my experience, but then I find they haven't dealt with package mgmt in alternative languages.
³ Types in python are a hack, bolting on something afterwards will not reach what is possible with a language that has been designed with types as core element.
Python type hints are static - at the moment, they are advisory only, but there is an obvious route forward to making Python an (optionally) fully statically typed language by using static type checking on programs before execution.
Yes then you might as well use some other language that uses types but also gets you performance. I agree the ecosystem is missing but hey we have LLMs now
I don't understand why you keep bringing up performance. If you're considering using Python, as many projects are, performance is obviously not a concern.
Python is a good language. Its ecosystem is rich, and I find it very productive. I want to use it, but I also want as much static analysis as possible, so I use ruff and pyright.
Performance isn’t the only important metric. There are other pros to weigh. For many apps a language might be performant enough, and bring other pros that make it more appealing than more performant alternatives.
> Python type hints allow checking correctness statically
Not really. You can do some basic checking, like ensuring you don't pass a string into where an integer is expected, but your tests required to make sure that you're properly dealing with those integers (Python type hints aren't nearly capable enough to forgo that) would catch that anyway. The LLM doesn't care if the error comes from a type checker or test suite.
When you get into real statically typed languages there isn't much consideration for Python. Perhaps you can prompt an LLM to build you an extractor, but otherwise, based on what already exists, your best bet is likely Lean extracted to C, imported as a Python module. Easier would be to cut Python out of the picture, though.
If you are satisfied with the SMT middle-ground, Dafny does support Python as a target. But as the earlier commenter said: Types are best.
I think you're underestimating the current state of the Python type system. With Python 3.12 and pyright or mypy in strict mode, it's very reliable, and it makes those kinds of tests unnecessary. This requires you to fully buy into the idea, though, with 100% of your codebase statically typed and using only typed libraries, unless you're comfortable writing wrappers.
It's not Rust-level, but I'd argue it's better than C or Go's type systems.
The comparison with Rust and not something like Lean, Rocq, or Idris is telling. Rust's type system is not much better than Python's, still requiring tests for everything.
These partial type systems cannot replace any actually useful tests. I'll grant you that testing is the least understood aspect of computer science, leading to a lot of really poorly conceived tests out in the wild. I can buy that those bad, useless tests can be replaced — albeit weren't actually needed in the first place.
For a lot of the business world, code flexibility is much more important than speed because speed is bottlenecked not on the architecture but on the humans in the process; your database queries going from two seconds to one second matters little if the human with their squishy eyeballs takes eight seconds to digest and understand the output anyway. But when the business's needs change, you want to change the code supporting them now, and types make it much easier to do that with confidence you aren't breaking some other piece of the problem domain's current solution you weren't thinking about right now (especially if your business is supported by a team of dozens to hundreds of engineers and they each have their own mental model of how it all works).
Besides... Regarding performance, there is a tiny hit to performance in Python for including the types (not very much at all, having more to do with space efficiency than runtime). Not only do most typed languages not suffer performance hindrance from typing, the typing actually enables their compilation-time performance optimizations. A language that knows "this variable is an int and only and int and always an int" doesn't need any runtime checks to confirm that nobody's trying to squash a string in there because the compiler already did that work by verifying every read and write of the variable to ensure the rules are followed. All that type data is tossed out when the final binary gets built.
I'd say most of us who prefer Python (a pretty significant number given it's the most popular language out there) don't care that much about performance, as today's machines are pretty fast and the main bottlenecks aren't in the language itself anyway. What we care about is usability/friendliness so we ourselves can iterate quickly.
If your code is talking to an LLM, the performance difference between rust and python represents < 0.1% of the time you spend waiting for computers to do stuff. It's just not an important difference.
It's true; mypy won't make your Python faster. To get something like that, you'd want to use Common LISP and SBCL; the SBCL compiler can use type assertions to actually throw away code-paths that would verify type expectations at runtime (introducing undefined behavior if you violate the type assertions).
It's pretty great, because you can run it in debug mode where it will assert-fail if your static type assertions are violated, or in optimized mode where those checks (and the code to support multiple types in a variable) go away and instead the program just blows up like a C program with a bad cast does.
Why is this getting downvoted... it is true. Also it is true that dynamic languages (like Ruby ;) and Python) are more efficient with tokens, like significantly then types like C, C++ or such. But Javascript and Typescript are using twice the tokens of Ruby for example and Clojure is even more efficient, obviosly I would add.
AFAICT Python basically is a [statically-]typed language nowadays. Most people are using MyPy or an alternative typechecker, and the community frowns on those who aren’t.
> Most people are using MyPy or an alternative typechecker, and the community frowns on those who aren’t.
That's not like a widespread/by-default/de-facto standard across the ecosystem, by a wide margin. Browse popular/trending Python repositories and GitHub sometime and I guess you can see.
Most of the AI stuff released is still basically using conda or pip for dependencies, more times than not, they don't even share/say what Python version they used. It's basically still the wild west out there.
Never had anyone "frown" towards me for not using MyPy or any typechecker either, although I get plenty of that from TS fans when I refuse to adopt TS.
> Never had anyone "frown" towards me for not using MyPy or any typechecker either
I’ve seen it many times. Here’s one of the more extreme examples, a highly-upvoted comment that describes not using type hints as “catastrophically unprofessional”:
But yeah, that's reddit, people/bots rejoice over anything being cargoculted there, and you really can't take any upvote/downvote numbers on reddit seriously, it's all manipulated today.
Don't read stuff on reddit and use whatever you've "learned" there elsewhere, because it's basically run by moderators who try to profit of their communities these days, hardly any humans left on the subreddits.
Edit: I really can't stress this enough, don't use upvotes/likes/stars/whatever as an indicator that a person on the internet is right and has a good point, especially not on reddit but I would advice people to not do so on HN either, or any other place. But again, especially on reddit, the upvotes literally count for nothing. Don't pick up advice based on upvoted comments on reddit!
Generally you only get frowned at if you're not using type hints while contributing to a project whose coding standards say "we use type hints here."
If you're working on a project that doesn't use type hints, there's also plenty of frowning, but that's just because coding without a type checker is kind of painful.
> Generally you only get frowned at if you're not using type hints while contributing to a project whose coding standards say "we use type hints here."
Yeah, that obviously makes sense, not following the code guidelines of a project should be frowned upon.
I think in the case of TS, it's more that JavaScript itself is notoriously trash (I'm not being subjective; see https://www.destroyallsoftware.com/talks/wat), and TypeScript helps paper over like 90% of the holes in JavaScript.
Python typed or untyped feels like a taste / flexibility / prototyping tradeoff; TypeScript vs. JavaScript feels like "Do you want to get work done or do you want to wrap barbed wire around your ankle and pull?" And I say this as someone who will happily grab JS sometimes (for <1,000 LOC projects that I don't plan to maintain indefinitely or share with other people).
Plus, TypeScript isn't a strict superset of JavaScript, so choice at the beginning matters; if you start in JS and decide to use TS later, you're going to have to port your code.
Typed Python vs untyped Python is literally the same as TS vs JS, don't let others fool you into thinking somehow it's different.
> TypeScript helps paper over like 90% of the holes in JavaScript
Always kind of baffles me when people say this, how are you actually programming where 90% of the errors/bugs you have are related to types and other things TS addresses? I must be doing something very different when writing JS because while those things happen sometime (once or twice a year maybe?), 90% of the issues I have while programming are domain/logic bugs, and wouldn't be solved by TS in any way.
I mean, I'm one of the fools who would fool you into thinking it's different, since I use all four languages. ;)
I can just skip the mypy run if I want to do untyped Python. I can't skip adding types if I'm writing TypeScript in most contexts; it's not valid TypeScript syntax. Conversely, I can't add types to JavaScript; it's not valid JavaScript syntax (jsdoc tags and running a static checker over that being a different subject, and more akin to the Python situation).
> how are you actually programming where 90% of the errors/bugs you have are related to types and other things TS addresses
It's the things in the "wat" video. JavaScript, in general, errs on the side of giving you some answer when you try and do something very unusual with types (like add a boolean to a number or a string to an array) over taking a runtime error. TypeScript will fail to typecheck in most of the places where those operations are techincally correct but surprising as hell in the wrong way unless you explicitly coerce the types to match up.
It's a funny video, still after 15 years of seeing it, I'll give you that. But the number of times I'm bothered by accidentally triggering those scenarios in real-life? Could probably count that on one hand.
I also give you that TypeScript helps beginner JavaScript developers a ton, and that's no easy feat by itself, just because of those things you mention. Once you build up intuition about how things work in JavaScript though, those sort of bugs should stop happening though, otherwise I'd say you aren't really learning the language.
It's a pretty nice best-of-both-worlds arrangement. The type information is there, but the program still runs without it (unless one is doing something really fancy, since it does actually make a runtime construct that can be introspected; some ORMs use the static type data to figure out database-to-object bindings). So you can go without types for prototyping, and then when you're happy with your prototype you can let mypy beat you up until the types are sound. There is a small nonzero cost to using the types at runtime (since they do create metadata that doesn't get dropped like in most languages with a static compilation step, like C++ or TypeScript).
I can name an absolute handful of languages I've used that have that flexibility. Common LISP comes to mind. But in general you get one or the other option.
> It's a pretty nice best-of-both-worlds arrangement
It’s also a worst-of-both-worlds arrangement, in that you have to do the extra work to satisfy the type checker but don’t get the benefits of a compiled language in terms of performance and ease-of-deployment, and only partial benefits in terms of correctness (because the type system is unsound).
AFAIK the Dart team felt this way about optional typing in Dart 1.x, which is why they changed to sound static typing for Dart 2.
Without dependent typing, it's the worst of all worlds anyway. You have to express types, but they aren't expressive enough to not have to also express the same in tests, leaving this weird place where you have to repeat yourself over and over.
That was an okay tradeoff for humans writing code as it enables things like the squiggly line as you type for basic mistakes, automatic refactoring, etc. But that stuff makes no difference to LLMs.
This makes sense given how much of the current AI ecosystem is built on top of Python. I hope this helps the foundation improve security for everyone who relies on these libraries.
Very good for my career too as someone with plenty python experience
For anyone who isn’t aware/remembering, this is certainly made with the security of PyPi in mind, python’s main package repository.
NPM is the other major source of issues (congrats for now, `cargo`!), and TIL that NPM is A) a for-profit startup (??) and B) acquired by Microsoft (????). In that light, this gift seems even more important, as it may help ensure that relative funding differences going forward don’t make PyPi an outsized target!
(Also makes me wonder if they still have a Microsoft employee running the PSF… always thought that was odd.)
AFAIU the actual PSF development team is pretty small and focused on CPython (aka language internals), so I’m curious how $750,000/year changes that in the short term…
EDIT: there’s a link below with a ton more info. This gift augments existing gifts from Amazon, Google, Microsoft, and Citi, and they soft-commit to a cause:
> (Also makes me wonder if they still have a Microsoft employee running the PSF… always thought that was odd.)
You might be confusing the Python Steering Council - responsible for leadership of Python language development - with the PSF non-profit there.
The PSF is lead by a full-time executive director who has no other affiliation, plus an elected board of unpaid volunteer directors (I'm one of them).
Microsoft employees occasionally get voted into the board, but there is a rule to make sure a single company doesn't have more than 2 representatives on the board at any one time,
The board also elects a chair/president - previously that was Dawn Wages who worked at Microsoft for part of that time (until March 2025 - Dawn was chair up to October), today it's Jannis Leidel from Anaconda.
Meanwhile the Python steering council is entirely separate from the PSF leadership, with their own election mechanism voted on by Python core contributors. They have five members, none of whom currently work for Microsoft (but there have been Microsoft employees in the past.)
Wow, I didn't know you got a spot on the board, that's a great choice on their part! Thanks for giving your time.
Yes, I was talking about Wages -- the day-to-day is surely complex, but I'm sure you'd agree that the president of the board is ultimately "above" the chief executive if push ever came to shove, at least on paper. I will grant that I used "running", which is quite unclear in hindsight! "Responsible for" or "leading" seems more accurate.
She seemed great as policymaker and person, but when I last checked her job was literally to be Microsoft's Python community liason, and that just struck me as... dangerous? On the nose? Giving the reigns to someone from a for-profit, $1.5B corporation whose entire business depends directly upon the PSF's work also seems like an odd choice. Again, I'm sure they're great as an individual, and during normal operations there's no competing interests so it's fine. It's just...
I guess I just have a vision for the non-profit org guiding the world's most popular programming language that doesn't really mesh with the reality of open source funding as it exists today, at the end of the day; the "no 2 representatives from the same company" rule seems like a comforting sign that they(/y'all!) share that general philosophy despite the circumstances.
Us board members voted to put Dawn in that position.
The position doesn't have much additional power at all - the chair spends a little more time with the executive director and gets to set the agenda for the board meetings, but board actions still require a vote from the board.
If we felt like an employee of a specific company was abusing their position on the PSF board we would take steps to address that. Thankfully I've seen no evidence of that from anyone during my time on the board.
If anything it's the opposite: board members are very good about abstaining from votes that their employer might have an interest in.
> I'm sure you'd agree that the president of the board is ultimately "above" the chief executive if push ever came to shove, at least on paper.
That is not true of the PSF, nor of many (most?) other US nonprofits. Not on paper, and not practically speaking. The director reports to the board, but officers have little to no unitary power. You can go read the PSF’s bylaws if you like, and if you do you’ll see that officers, including the president, can do very little without a board vote. And because of aforementioned policy, that’s a max of two votes from people employed by a single company.
Also, like, do you know anything about Dawn? She’s been serving the Python community waaaay longer than she’s worked for Microsoft. Questioning her ethics based on absolutely nothing is unfounded and, honestly, pretty fucked up.
There’s this pernicious lie that Microsoft is somehow controlling the PSF. It’s based on about as much evidence as there is for Flat Earth, yet here it is again. At best, repeating this lie reflects profound ignorance about how the PSF actually functions; at worst it seems like some kind of weird disinfo campaign against one of the most important nonprofits in open source.
Nodding along with everything you wrote here, but one minor point for anyone who might read the bylaws and get confused. https://www.python.org/psf/bylaws/
> Section 5.15. Limits on Co-affiliation of Board Members. No more than one quarter (1/4) of the members of the Board of Directors may share a common affiliation as defined in Section 5.14.
The PSF allows three board members to share an affiliation, 13 seats * 0.25 ~= 3.25.
BTH, that's one too many, and I helped write/recommend the original language. When I was on the board, three felt like too many, even though everyone was wonderful, and it was Google, not Microsoft, that hit the limit.
The DSF (Django Software Foundation) recently adopted a two-person limit, which I recommend more boards consider.
A) I'm assuming you meant "TBH", but please correct me if I have an acronym to learn.
B) Hacker news is crazy -- I didn't expect to spawn a thread that would get responses from actual board members, ex- or otherwise! I'd like to take a brief moment deep down into this thread to echo what I said to Simon above: thanks for giving your valuable time to help grow the best programming language & community to ever exist :)
...ok I guess I grant that technically the leader of the board is not the board itself, but that feels a bit pedantic. A prime minister/speaker of the house/etc. isn't the unitary executive of that chamber wielding absolute power, but they are still obviously the leader.
I assume you have more experience than me in corporate governance, but this is such a fundamental truth that I've just gotta stick to my guns. The executives serve at the pleasure of the board. That's what the board is.
Well, besides the compliments I paid her above, no I do not. I don't think you're right to be offended at the implication that anyone could be coerced into putting their 6-figure job ahead of the non-profit they serve in the right circumstances, but TBH the worry of unconscious bias is just as real and doesn't require any ethical breaches. As I said above: I don't think there's evidence of any significant conflicts of interest so far, either from Microsoft, Anaconda, or any other firm. That said, I hope I can at least convince you that comparing concerns about corruption to a belief in a trivially-false scientific claim is going too far:The fact of the matter is that the senior-most member of an important non-profit was/is employed in a lucrative, full-time, relatively open-ended role by a firm whose profits depend directly on the work of that non-profit. There's no accusations in that statement, and thus no room for it to be written off as a conspiracy theory.
In terms of why it matters: wouldn't it at least deserve a raised eyebrow if, say...
- The chair of the WHO was employed by J&J?
- The chair of the ACLU was employed by a political party?
- The chair of Make-A-Wish was employed by a Hollywood agency?
Microsoft was serious about supporting Python as far back as 2006, because IronPython was a real effort in Redmond. (I'm wondering how they think of it now.)
I must be the only one in here who thinks $1.5M is a small sum compared to Anthropic's size and the amount of value they have gotten out of Python. Good press is cheaper than I thought.
You are right, it is. But it would be a mistake for us to use this opportunity to attack them for it.
We should applaud their donation today, and at another time assess the meager contributions of many companies that should be shamed.
Every single financial institution on Wall Street, the City of London, Amsterdam, Tokyo, Dubai and so on, uses Python. Very few contribute.
I've worked at a few that use the 'mold' linker to dramatically reduce their build times. Again, very few contribute. In this particular case, I managed to get one former employer to make a donation.
But the list goes on.
Short arms, deep pockets, as the saying goes.
It’s interesting to see everyone advocate for open source software with permissive licenses, then get mad when companies use them.
If python wants to require money for updates or for customers over $X in revenue, they can!
If companies don’t want to donate, they don’t have to just as python contributors don’t have to if they’re annoyed at how it’s used.
very easy way to make bank would be to support extended security updates for old versions of python
a couple of paid engineers could support every previous version essentially forever
Money has limited impact and has all sorts of drawbacks.
A more impactful change from firms might be to celebrate and reward community contributions of their own employees. This can establish a more productive culture than just money. If an engineering company is willing to donate money (yay!), perhaps consider making sure that employees are celebrated for contributions they make in a manner that is similar to how we currently celebrate monetary transactions.
For an example of the opposite, Google laid off their entire Python team, something that also made HN front page: https://news.ycombinator.com/item?id=40171125
All people do here is complain.
We can both applaud the effort and indicate it’s not enough. Two things can be true simultaneously.
It may not be enough, but I think it'd be more appropriate/constructive to point to other companies benefiting from Python that have never contributed, rather than saying one that contributed didn't do enough.
An opportunity for you to convince the leadership at your company to contribute.
Even if it would be a small fraction of $1.5M
that was my first thought too, $1.5M is peanuts for Anthropic, however $1.5M is better than nothing, so it worth some PR too. Good they do, I think we have to encourage companies to do it, shaming will not help.
I mean, it's 1.5M more than the foundation knows what to do with.
don't compare everyone with your mom, shepard
They are probably trying to build influence. Why is a startup that is burning cash donating money?
Businesses should definitely support the open source projects that they use. I'm still astounded that professional developers seem so adverse to paying for the tools and libraries that they use to make their own money.
Is it so hard to imagine that they do it because the PSF's work is important and they want to support them? All the AI labs depend hugely on the Python ecosystem and infrastructure. Startups burning cash spend on many things that are important to them.
They are heavily focused on code. Claude Code likely generates 100 of millions lines of Python a day, make the language a little bit better with $1.5M is extremely high leverage.
And if this money improves PyPI security (part of the focus), that reduces the chance of Claude Code adding malicious packages to a code base (a well publicized case of this could be a big PR headache for Anthropic). This donation is likely much better leverage than trying to somehow add mitigation at the Claude Code level.
Care to elaborate on how $1.5M makes Python better?
The donation is earmarked for security concerns, ie. improving PyPI from a security perspective to prevent/mitigate supply chain attacks, etc. This means a more healthy Python ecosystem, which also benefits their products which are utilizing said ecosystem likely more than any other.
You’re asking how money can be used to improve software?
Yes, because lots of these comments seem to imply that more money necessarily makes it better, which is often not the case.
Of course they are. These donations usually come out of the marketing budget. And it's working, we're talking about them.
But also they rely heavily on Python and want to support the ecosystem.
really find a negative in it ey - what type of donation and from who would be acceptable to you to fund the python foundation?
This is a step to take control and move in a direction that will profit them greatly.
May or may not benefit the community.
Still crazy how little investment goes to Python given how critical it is to the ecosystem.
Poor management has played a role. They refused to invest in packaging to the extent that a separate company (astral) had to do it for them. Bugs closed for years with the excuse “we’re only volunteers.” Meanwhile, “outreach” was funded for several million a year. Not confidence inspiring. Maybe would have improved if the funds had been spent more appropriately.
Similar story with Mozilla.
Where are you getting these numbers? Looking at the PSFs Report for 2024 [0], 50% of their expenses went to pycon. Would you consider that outreach? I believe conferences are very important as part of the health of a language, and reading the definition of outreach[1], I would not classify the conference as that. The second highest amount of expenses (27.1%) went to (surprise!) "Packaging Work Group/Infrastructure/Other", i.e. pypi, pip etc... "Outreach & Education" was only 2.8% of 12.9% of expenses, i.e. 0.3612%, which is $17846 (actual dollars, not thousands like in the report.)
[0] https://www.python.org/psf/annual-report/2024/ [1] https://en.wikipedia.org/wiki/Outreach
The assertions above are my memory from pre-covid, I’d look at 2019 and before perhaps. Many things changed after that (and council too) but it takes a while to change perception.
In 2019 [0] they only had 2.5 million of total expenses, of which 75% was pycon. So even if everything else was on "outreach" (it was not), that would only be $642,500, which is not "several million a year".
In 2020 [1] 48.1% went to "Packaging Work Group/Infrastructure/Other" (I assume because in person pycon was canceled).
I also checked 2021 [2], which was 32.7% pycon and 31.2% pip etc...
Also 2022 [3], 57.8% pycon, 26.6% Packaging Work Group...
In 2023 [4], 60.5% pycon, and Packaging Work Group expenses decreased to 9.6% because of fastly now provides the bandwidth/hosting: "We are grateful to Fastly for making the online services that the PSF provides possible, so that we can invest time and resources into advancing our infrastructure to better meet community wants and needs."
So your assertion seems to have never been true.
[0] https://www.python.org/psf/annual-report/2019/
[1] https://www.python.org/psf/annual-report/2020/
[2] https://www.python.org/psf/annual-report/2021/
[3] https://www.python.org/psf/annual-report/2022/
[4] https://www.python.org/psf/annual-report/2023/
As mentioned covid changed everything, so please stop pulling figures from that once in a lifetime event.
I have looked at 2018-2016, where the expenses are almost completely the main pycon and more local pycons. Also sponserships like "Pallets group, which maintains projects such as Flask and Jinja" (2018). Everything other than the main pycon is less than 1 million dollars combined in expenses.
I feel it is important to look at the facts, not just vibes.
> Also sponserships like "Pallets group ...
Those are "fiscal sponsorships" meaning the PSF holds money for other organizations. The PSF is not funding Pallets (or Boston Python or North Bay Python, etc, etc). They accept money earmarked for those organizations and provide administrative support. Details: https://www.python.org/psf/fiscal-sponsorees/
Thanks for the correction!
A portion of pycon expenses are spent on outreach and teaching during the event. Arguably all of pycon is outreach. There are dedicated grants, aid, support as well. The 2019 PDF breakdown doesn't seem to be available any longer.
During the 2010s, the packaging group was begging for help. "We're only volunteers," a common refrain: https://news.ycombinator.com/item?id=46605018
During the 2020s, funding for packaging was provided by Mozilla and Chan-Zuck, as PSF wasn't doing enough. https://www.python.org/psf/annual-report/2019/
As we all know, Astral stepped in and solved the problem for them. I moved to their tools as soon as was possible. And not simply because they were fast, but because they work.
For example, here's one that pypa broke for my package a couple of years ago in pip, and never fixed: https://github.com/pypa/packaging/issues/774
> They refused to invest in packaging to the extent that a separate company (astral) had to do it for them
uv didn't just happen in a vacuum, there has been lots of investment in the Python packaging ecosystem that has enabled it (and other tools) to try and improve the shortcomings of Python and packaging.
There's PEP 518 [1] for build requirements, PEP 600 [2] for manylinux wheels, PEP 621 [3] for pyproject.toml, PEP 656 [4] for musl wheels platform identifiers, PEP 723 [5] for inline script metadata.
Without all this uv wouldn't be a thing and we would be stuck with pip and setuptools or a bunch of more bandaid hacks on top making the whole thing brittle.
[1] https://peps.python.org/pep-0518/ [2] https://peps.python.org/pep-0600/ [3] https://peps.python.org/pep-0621/ [4] https://peps.python.org/pep-0654/ [5] https://peps.python.org/pep-0723/
Obviously, but writing PEPs is not enough. Read through the comments under any Python thread here from the late 2010s to early 2020s. Just ~two years ago you couldn't talk about anything Python-related without discussion veering far offtopic to complain about packaging.
They didn't just write the PEP, they implemented them.
Not well enough, I linked elsewhere to a breaking release bug, but there were others. Astral made them reliable, usable, and incidentally fast.
It seemed pipenv is more than sufficient, why should I use uv?
That's the thing, you don't have to :) While I think uv is a great tool and highly recommend it, you are more than welcome to use any of the other build backends or package management tools that fit your workstyle. By having these packaging PEPs (amongst) others, the ecosystem has been able to try out different approaches and most likely over time will consolidate on specific ones that work better than the others.
Anecdata, but uv served as a very good packaging mechanism for a Python library I had to throw on an in extremis box, one that is not connected to the Internet in any way, and one where messing with the system Python was verboten and Docker was a four-letter word.
I don't know much about the Linux Foundation if I'm being honest, even though I've been a 24/7 Linux user for decades, but they seemingly don't have the same image in the ecosystem, at least not close to how people see Mozilla today.
Why is that? Is there lessons to be learned from the Linux Foundation how to actually effectively and responsibly manage that sort of money, in those types of projects?
The Linux foundation is not a nonprofit. It is registered as a 501c6, basically a business consortium, unlike the Python software foundation which is a nonprofit (501c3).
The Linux foundation also stewards way more foundations and projects that just "Linux". They are, among other things, in the business of creating foundations and making money that way. For every organization under the Linux foundation, say the CNCF, to be a part of those subprojects, you need to pay a Linux foundation tax.
The Python Software foundation I don't know much about but their scope seems to be only stewarding python. They seem to have far less corporate outreach then the Linux foundation.
Linux Foundation 990 - note page 16-17 with the salaries - there are for profit entity salaries, not nonprofit salaries.
https://apps.irs.gov/pub/epostcard/cor/460503801_201812_990O...
A foundation should invest in its technology first and resist the strong temptation to fund pet projects (of leadership) with donated money.
I'm not sure what you are labeling as pet projects of leadership? Is there something the PSF is doing that you consider a pet project rather than part of their core mission?
Yes, outreach before investing in packaging. It’s not that outreach is bad but that packaging was crumbling.
I'm not sure how you got to "before" here. The PSF runs PyPI, organizes the Python Packaging Authority, supports sprints and standardization efforts, funds developers in residence and so on. Packaging is improving, partly because of those efforts. It's not an either/or.
https://devclass.com/2025/03/10/pypi-repository-takes-steps-...
Yes, it could use more funding. Glad to see that Anthropic is helping. It's still not an either/or situation. The PSF would not be fulfilling their mission if they only funded packaging until packaging was "solved" (whatever that might mean) and only then did they fund outreach.
I didn't say either/or, and was talking about priorities. One shouldn't install a fancy roof when the foundation is crumbling.
> The PSF would not be fulfilling their mission if they only funded packaging until packaging was "solved" (whatever that might mean) and only then did they fund outreach.
They did the opposite. So they still didn't fulfill it, to the extent that Mozilla, ChanZuck, and astral felt compelled to step in.
As far as I'm aware, Python was only recently (2020s) taught in most schools, so that's the reason it wasn't and isn't well funded. Schools will stick with legacy languages far beyond their market lifetimes, as that is what the instructors know best. So it's not that it isn't well funded, it's that it's still early in terms of global popularity. As we just witnessed, the funding is just now coming in big drops.
MIT was already using Python by 2009[1]; I think it's been one of the "standard" teaching languages for well over a decade at this point.
(By most metrics, Python became "big" in the mid-late 2000s, which is why the Python 3 transition was so painful.)
[1]: https://www.wisdomandwonder.com/link/2110/why-mit-switched-f...
For many of us the language itself has been feature complete for decades.
Glad to see Anthropic continuing to invest in the longevity and quality of their open-source dependencies!
If you missed it, they bought Bun a while back, which is what Claude Code is built in: https://bun.sh/blog/bun-joins-anthropic
Wow. Just came to know from your comment. Not sure if it was covered here on HN. I totally missed it.
It happened quite a while back, most of us knew what direction this was going (Claude Code uses Bun, OpenCode uses Bun, they need Bun to work the best for Claude Code)
I did not know you could make donations with a string attached ("improve security")...
My wife's previous job was as an accountant with the endowment foundation at a mid-sized public university (San Jose State University). A lot of her time was spent making sure that the spending from the endowments many different funds corresponded to the rules that the donors had given when donating that money. Much of that was working with groups to shift spending around between accounts when they invariably made "mistakes".
One of her biggest projects was shepherding a large group of very old donations through a legal process to remove provisions in the donation agreements that were now illegal. In these cases the donors were long deceased, and the most common rule that needed to be changed was targeting race or ethnicity (e.g.: funds setup to help black people, or Irish, etc...).
The sheer number of different variations on "donor intent", or even just the wording on that legal document was astounding. There was always a tension between my wife's group and the group that was bringing in the money ("stewardship"), her group wanted things to be simpler and the "stewarding" group wanted nothing to get in the way of donations. It was remarkably similar to the tensions between sales and engineering in many software firms.
Hello! PSF staffer/author of the linked post here. To be explicit, the Anthropic donation is actually "no strings attached," or in non-profit parlance "unrestricted," but with a handshake agreement that they hope to improve security with this sponsorship. So the gift will enable us to do security work we've wanted to do and it is our intention to do that, but Anthropic didn't formally earmark the money, which gives us a great deal more flexibility plus a lower accounting burden, and I'm personally very grateful for that.
Of course you can. The vast majority of donations of this magnitude come with strings attached, be it how the money is spent, access to leadership/events, etc
It's super common with non-profits. Obviously they would prefer no strings attached but some light strings are usually not a problem for most non-profits.
And they come in a variety of bindingness. I didn’t notice any details in this link which makes me think this is mostly a handshake deal, but it wouldn’t be at all unusual for there to be some auditing mechanisms on a quarterly/yearly cycle.
For example, Wikimedia just recently claimed that they can’t chase some political project that critics wanted them to because most of their funds are earmarked-for/invested-in specific projects. So it does happen with US-based tech non-profits to at least some extent.
The vast majority of donations to, say, universities are made with a specific purpose, and that happens with a lot of non-profits too. The recipient doesn't have to accept the donation, of course, but if they do they track exactly how it was spent.
Yes, and at least the strings they attached are productive palatable unlike some other organizations: https://pyfound.blogspot.com/2025/10/NSF-funding-statement.h...
That link shows the significance of this Anthropic donation too:
> $1.5 million over two years would have been quite a lot of money for us, and easily the largest grant we’d ever received.
It's certainly better than absolute nothing!
Maybe I'm the only one realizing it's exactly the same amount they were due to receive from the US Govt until the Trump administration said they were too woke.
Looking at you Deepmind and OpenAI
Google sponsors the python foundation as per this page: https://www.python.org/psf/sponsors/
Kinda crazy that the top level "Visionary Sponsor" is a donation level of $160k. There's also 0 sponsors at the $100k level. I was also surprised to see Netflix at $5k and Jane Street at $17k. Maybe they should give more but there's a lot of names absent and that says more
Seems like a good time to throw out a reminder regarding "Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure" by Nadia Asparouhova. While she may have published it in 2016, it's still relevant today and speaks to the need for the private sector generally (looking at you VC firms) to support and understand the open source work, hours of unfunded labor, powering our societies.
https://www.fordfoundation.org/learning/library/research-rep...
Big Tech should really be footing the bill here as well as large established VC firms.
Really simple fix: social pressure and expectations should be that every company that uses open source pays a fixed amount of their revenue (is 0.1% low enough to be negligible for the companies). Companies that don't should shunned.
The problem is, people who make that decision can either spend 0.1% to support open source and get return on investment in terms of better business performance in 2-3 business years. Or they could pay themselves 0.1% in bonuses right now and get an immediate return.
How about we skip the social pressure and levy a tax on them that is used to shore up a sovereign fund for OSS.
They won’t even attempt to read ToS, you think they’ll shun companies?
To a large extent they do and always have. It's not as broad or fair as it should be[1], but for almost any economically important project all the major contributors and maintainers are on the payroll of one of the big tech interests or a foundation funded by them.
The hippies writing that software may not be compensated at the level you'd expect given the value they provide, but they'll never go hungry.
[1] LLVM and Linux get more cash than they can spend. GNU stuff is comparatively impoverished because everyone assumes they'd do it for free anyway. Stuff that ships on a Canonical desktop or RHEL default install gets lots of cash but community favorites like KDE need to make their own way, etc... Also just to be clear: node is filled with povertyware and you should be extremely careful what you grab from npm.
> but for almost any economically important project all the major contributors and maintainers are on the payroll of one of the big tech interests or a foundation funded by them.
"almost" is the load bearing word here, and/or a weasel word. Define what an "economically important project" is.
> Also just to be clear: node is filled with povertyware and you should be extremely careful what you grab from npm.
Is "povertyware" what we call software written by people and released for free now?
> "almost" is the load bearing word here, and/or a weasel word. Define what an "economically important project" is.
Linux, clang, python, react, blink, v8, openssl... You know what I mean. I stand by what I said. Do you have a counterexample you think is clearly unfunded? They exist[1], but they're rare.
> Is "povertyware" what we call software written by people and released for free now?
It's software subject to economic coercion owing to the lack of means of its maintainership. It's 100% fine for you to write and release software for free, but if a third party bets their own product on it they're subject to an attack where I hand you $7M to look the other way while I borrow your shell.
[1] The xz-utils attack is the flag bearer for this kind of messup, obviously.
Unfunded is kind of a stretch, but at least libxml2.
Essentially "povertyware" as you call it when you consider the trillion dollar companies built on top of them? Now that's way easier: SQLite, PostgreSQL, ffmpeg, imagemagick, numpy, pandas, GTK, curl, zlib, libpng, zxing or any other popular qr/barcode library, etc...
> Linux, clang, python, react, blink, v8, openssl... You know what I mean. I stand by what I said. Do you have a counterexample you think is clearly unfunded? They exist[1], but they're rare.
For Linux "all the major contributors and maintainers are on the payroll of one of the big tech interests or a foundation funded by them" is simply not true. It's trivial to prove this by just looking at the maintainers of the subsystems. Making this claim is nonsense to begin with.
Same is true for several major contributors to the Python compiler and subsequent libraries as well.
You will move the goalpost by trying to narrow down what "major contributor" means.
> It's software subject to economic coercion owing to the lack of means of its maintainership. It's 100% fine for you to write and release software for free, but if a third party bets their own product on it they're subject to an attack where I hand you $7M to look the other way while I borrow your shell.
So without knowing anyone you are making a value judgement on the (probable?) lack of ethics? Excuse me?
> You will move the goalpost
I can't move the goalpost if you won't produce a ball. Who exactly are you thinking of that needs a job but doesn't have one?
> Who exactly are you thinking of that needs a job but doesn't have one?
That is not your claim. Your claim is that they "are on the payroll of one of the big tech interests or a foundation funded by them". Which is simply not true.
You can easily find several maintainers of these projects doing this as their part-time hobby project, have cut a deal at work or simply don't work at place that funds Linux development.
I'm not going to call out individual I know the situation and/or their employment history.
What is a "economically important project"? A company that makes a lot of money?
> LLVM and Linux get more cash than they can spend. GNU stuff is comparatively impoverished because everyone assumes they'd do it for free anyway. Stuff that ships on a Canonical desktop or RHEL default install gets lots of cash but community favorites like KDE need to make their own way, etc... Also just to be clear: node is filled with povertyware and you should be extremely careful what you grab from npm.
This is often the problem with charity in general. It's hard to find good organizations that actually need your money. Great ones self-sustain on their own revenue. Good ones are saturated with donations from their own users. There's just a small sliver of projects that are awesome, and could productively use financial support. From personal experience, identifying these is often far more costly than the act of writing a check.
*by Nadia Eghbal
EDIT: or are you rather thinking about the book Working in Public: The Making and Maintenance of Open Source Software?
Actually, since 2022, Nadia Asparouhova :)
From a 2022 email:
> (P.S. I have a new last name! Still transitioning everything over, but I’m now Nadia Asparouhova.)
That clears things up, thanks!
Here the website of the author: https://nadia.xyz/
"Over two years". Does that mean the foundation has to do what they want it to do or else the tap stops?
Well the funds are earmarked for security matters, so it should be spent regarding that.
It's easy to donate, since it's not their money. They are not profitable. Just Nvidia's money, they're paying themselves for new GPUs and datacenters.
Internal forecasts indicate Anthropic’s annualized revenue run-rate could be between about $20 billion and $26 billion in 2026. Let's shoot for the middle, $23 billion
According to multiple articles, Anthropic expects to reduce its cash burn to around one-third of revenue in 2026.
This implies total spending is roughly revenue + cash burn ≈ $23 billion + $7.7 billion ≈ $30.7 billion
When you divide the total spending to the length of the whole year, $1.5 million would sustain Anthropic for roughly 0.43 hours, or about 26 minutes.
It does seem small at Anthropic scale. But instead of faulting them for contributing "so little", maybe we can point to the thousands of large companies that are doing nothing.
Source: https://pyfound.blogspot.com/2025/12/anthropic-invests-in-py...
Link added above. Thanks!
Just recently I heard that typed languages are best for agentic programming
Just recently I heard that they can donate to “typed languages” too, a donation to one language does’t preclude other donations, and given their cash injections they have a few $1.5m’s to spare.
For any programming really, but I think Python got big due to
I say that as someone urging people to look beyond Python when they master the basics of programming.Python has a terseness that is hard to rival. I think that was a major selling point: its constructs and use of whitespace mean that a valid Python program looks pretty close to the pseudo-code one might write to reason out the problem before writing it in another language.
I doubt that this is the selling point. Imho it is nothing special compared to Haskell, F# and the likes.
It's a huge selling point for me and many I know who knows it. Nothing like code that you can read like you're reading a book/article.
Python doesn't require you to understand monads to write useful Python.
To be clear: Haskell is great, but its entire vibe (lazy evaluation, pure functions) is entirely different from what Python's about. Someone who knows C++ or Java has a much bigger gap to jump to pick up Haskell than to pick up Python.
I know I am not going to sell it to monogamous devs, but those that are open minded should give it a try.
___
¹ This is something people will start to appreciate once they get serious about the risk of supply chain attacks.
² Python developers feel they are doing fine with pip or uv, at least in my experience, but then I find they haven't dealt with package mgmt in alternative languages.
³ Types in python are a hack, bolting on something afterwards will not reach what is possible with a language that has been designed with types as core element.
Python is a typed language. Perhaps you were trying to say something different?
Is it static or dynamic? Whatever rust is that python isn’t.
Rust is static. Python is optionally static.
Python type hints are static - at the moment, they are advisory only, but there is an obvious route forward to making Python an (optionally) fully statically typed language by using static type checking on programs before execution.
Didn't The Powers That Be™ say that was not going to happen?
I might be missing the point but isn’t this what we use mypy et al for today?
They clearly meant a statically typed language. Yes Python is Strongly Typed, but I think we all knew what they meant.
Types are best, period. Whether they are native or hints doesn't really matter for the agent, what matters is the interface contract they provide.
I don’t get this argument because if we put the effort to get it typed, we don’t get one of the best benefits - performance.
But that's not the argument here. Python type hints allow checking correctness statically, which is what matters for agents.
Yes then you might as well use some other language that uses types but also gets you performance. I agree the ecosystem is missing but hey we have LLMs now
I don't understand why you keep bringing up performance. If you're considering using Python, as many projects are, performance is obviously not a concern.
Python is a good language. Its ecosystem is rich, and I find it very productive. I want to use it, but I also want as much static analysis as possible, so I use ruff and pyright.
Performance isn’t the only important metric. There are other pros to weigh. For many apps a language might be performant enough, and bring other pros that make it more appealing than more performant alternatives.
That’s what makes types easier for me, too, so that makes sense.
> Python type hints allow checking correctness statically
Not really. You can do some basic checking, like ensuring you don't pass a string into where an integer is expected, but your tests required to make sure that you're properly dealing with those integers (Python type hints aren't nearly capable enough to forgo that) would catch that anyway. The LLM doesn't care if the error comes from a type checker or test suite.
When you get into real statically typed languages there isn't much consideration for Python. Perhaps you can prompt an LLM to build you an extractor, but otherwise, based on what already exists, your best bet is likely Lean extracted to C, imported as a Python module. Easier would be to cut Python out of the picture, though.
If you are satisfied with the SMT middle-ground, Dafny does support Python as a target. But as the earlier commenter said: Types are best.
I think you're underestimating the current state of the Python type system. With Python 3.12 and pyright or mypy in strict mode, it's very reliable, and it makes those kinds of tests unnecessary. This requires you to fully buy into the idea, though, with 100% of your codebase statically typed and using only typed libraries, unless you're comfortable writing wrappers.
It's not Rust-level, but I'd argue it's better than C or Go's type systems.
The comparison with Rust and not something like Lean, Rocq, or Idris is telling. Rust's type system is not much better than Python's, still requiring tests for everything.
These partial type systems cannot replace any actually useful tests. I'll grant you that testing is the least understood aspect of computer science, leading to a lot of really poorly conceived tests out in the wild. I can buy that those bad, useless tests can be replaced — albeit weren't actually needed in the first place.
The best benefit depends on your problem domain.
For a lot of the business world, code flexibility is much more important than speed because speed is bottlenecked not on the architecture but on the humans in the process; your database queries going from two seconds to one second matters little if the human with their squishy eyeballs takes eight seconds to digest and understand the output anyway. But when the business's needs change, you want to change the code supporting them now, and types make it much easier to do that with confidence you aren't breaking some other piece of the problem domain's current solution you weren't thinking about right now (especially if your business is supported by a team of dozens to hundreds of engineers and they each have their own mental model of how it all works).
Besides... Regarding performance, there is a tiny hit to performance in Python for including the types (not very much at all, having more to do with space efficiency than runtime). Not only do most typed languages not suffer performance hindrance from typing, the typing actually enables their compilation-time performance optimizations. A language that knows "this variable is an int and only and int and always an int" doesn't need any runtime checks to confirm that nobody's trying to squash a string in there because the compiler already did that work by verifying every read and write of the variable to ensure the rules are followed. All that type data is tossed out when the final binary gets built.
So add mypy to your pre-commit
Or ty: https://astral.sh/blog/ty
Damn… ok, I’ll try it
All this but none of the performance benefits.
I'd say most of us who prefer Python (a pretty significant number given it's the most popular language out there) don't care that much about performance, as today's machines are pretty fast and the main bottlenecks aren't in the language itself anyway. What we care about is usability/friendliness so we ourselves can iterate quickly.
If your code is talking to an LLM, the performance difference between rust and python represents < 0.1% of the time you spend waiting for computers to do stuff. It's just not an important difference.
This is clearly not what I'm speaking about - there are only a few applications that talk to an LLM.
The article is about Anthropic's contribution to Python. Pretty much all of their code talks to an LLM.
And just a few comments earlier you said:
> Just recently I heard that typed languages are best for agentic programming
Are we not talking about using python (or some alternative) to constrain the behavior of agents?
I was more thinking of python used as general purpose backend language. We can use LLM's to vibecode such languages.
Today…
It's true; mypy won't make your Python faster. To get something like that, you'd want to use Common LISP and SBCL; the SBCL compiler can use type assertions to actually throw away code-paths that would verify type expectations at runtime (introducing undefined behavior if you violate the type assertions).
It's pretty great, because you can run it in debug mode where it will assert-fail if your static type assertions are violated, or in optimized mode where those checks (and the code to support multiple types in a variable) go away and instead the program just blows up like a C program with a bad cast does.
> mypy won't make your Python faster
Mypyc will do. See https://blog.glyph.im/2022/04/you-should-compile-your-python...
The point about mypy was it does type checking (static analysis) for your Python code. Not speeding it up.
For vibe code, since it's not important whether the output works, JavaScript is even better.
Why is this getting downvoted... it is true. Also it is true that dynamic languages (like Ruby ;) and Python) are more efficient with tokens, like significantly then types like C, C++ or such. But Javascript and Typescript are using twice the tokens of Ruby for example and Clojure is even more efficient, obviosly I would add.
It's not incorrect, but in the context of the given Hacker News submission it reads as "why fund Python at all?"
AFAICT Python basically is a [statically-]typed language nowadays. Most people are using MyPy or an alternative typechecker, and the community frowns on those who aren’t.
> Most people are using MyPy or an alternative typechecker, and the community frowns on those who aren’t.
That's not like a widespread/by-default/de-facto standard across the ecosystem, by a wide margin. Browse popular/trending Python repositories and GitHub sometime and I guess you can see.
Most of the AI stuff released is still basically using conda or pip for dependencies, more times than not, they don't even share/say what Python version they used. It's basically still the wild west out there.
Never had anyone "frown" towards me for not using MyPy or any typechecker either, although I get plenty of that from TS fans when I refuse to adopt TS.
> Never had anyone "frown" towards me for not using MyPy or any typechecker either
I’ve seen it many times. Here’s one of the more extreme examples, a highly-upvoted comment that describes not using type hints as “catastrophically unprofessional”:
https://www.reddit.com/r/Python/comments/1iqytkf/python_type...
But yeah, that's reddit, people/bots rejoice over anything being cargoculted there, and you really can't take any upvote/downvote numbers on reddit seriously, it's all manipulated today.
Don't read stuff on reddit and use whatever you've "learned" there elsewhere, because it's basically run by moderators who try to profit of their communities these days, hardly any humans left on the subreddits.
Edit: I really can't stress this enough, don't use upvotes/likes/stars/whatever as an indicator that a person on the internet is right and has a good point, especially not on reddit but I would advice people to not do so on HN either, or any other place. But again, especially on reddit, the upvotes literally count for nothing. Don't pick up advice based on upvoted comments on reddit!
Generally you only get frowned at if you're not using type hints while contributing to a project whose coding standards say "we use type hints here."
If you're working on a project that doesn't use type hints, there's also plenty of frowning, but that's just because coding without a type checker is kind of painful.
> Generally you only get frowned at if you're not using type hints while contributing to a project whose coding standards say "we use type hints here."
Yeah, that obviously makes sense, not following the code guidelines of a project should be frowned upon.
I think in the case of TS, it's more that JavaScript itself is notoriously trash (I'm not being subjective; see https://www.destroyallsoftware.com/talks/wat), and TypeScript helps paper over like 90% of the holes in JavaScript.
Python typed or untyped feels like a taste / flexibility / prototyping tradeoff; TypeScript vs. JavaScript feels like "Do you want to get work done or do you want to wrap barbed wire around your ankle and pull?" And I say this as someone who will happily grab JS sometimes (for <1,000 LOC projects that I don't plan to maintain indefinitely or share with other people).
Plus, TypeScript isn't a strict superset of JavaScript, so choice at the beginning matters; if you start in JS and decide to use TS later, you're going to have to port your code.
Typed Python vs untyped Python is literally the same as TS vs JS, don't let others fool you into thinking somehow it's different.
> TypeScript helps paper over like 90% of the holes in JavaScript
Always kind of baffles me when people say this, how are you actually programming where 90% of the errors/bugs you have are related to types and other things TS addresses? I must be doing something very different when writing JS because while those things happen sometime (once or twice a year maybe?), 90% of the issues I have while programming are domain/logic bugs, and wouldn't be solved by TS in any way.
I mean, I'm one of the fools who would fool you into thinking it's different, since I use all four languages. ;)
I can just skip the mypy run if I want to do untyped Python. I can't skip adding types if I'm writing TypeScript in most contexts; it's not valid TypeScript syntax. Conversely, I can't add types to JavaScript; it's not valid JavaScript syntax (jsdoc tags and running a static checker over that being a different subject, and more akin to the Python situation).
> how are you actually programming where 90% of the errors/bugs you have are related to types and other things TS addresses
It's the things in the "wat" video. JavaScript, in general, errs on the side of giving you some answer when you try and do something very unusual with types (like add a boolean to a number or a string to an array) over taking a runtime error. TypeScript will fail to typecheck in most of the places where those operations are techincally correct but surprising as hell in the wrong way unless you explicitly coerce the types to match up.
> It's the things in the "wat" video.
It's a funny video, still after 15 years of seeing it, I'll give you that. But the number of times I'm bothered by accidentally triggering those scenarios in real-life? Could probably count that on one hand.
I also give you that TypeScript helps beginner JavaScript developers a ton, and that's no easy feat by itself, just because of those things you mention. Once you build up intuition about how things work in JavaScript though, those sort of bugs should stop happening though, otherwise I'd say you aren't really learning the language.
It's a pretty nice best-of-both-worlds arrangement. The type information is there, but the program still runs without it (unless one is doing something really fancy, since it does actually make a runtime construct that can be introspected; some ORMs use the static type data to figure out database-to-object bindings). So you can go without types for prototyping, and then when you're happy with your prototype you can let mypy beat you up until the types are sound. There is a small nonzero cost to using the types at runtime (since they do create metadata that doesn't get dropped like in most languages with a static compilation step, like C++ or TypeScript).
I can name an absolute handful of languages I've used that have that flexibility. Common LISP comes to mind. But in general you get one or the other option.
> It's a pretty nice best-of-both-worlds arrangement
It’s also a worst-of-both-worlds arrangement, in that you have to do the extra work to satisfy the type checker but don’t get the benefits of a compiled language in terms of performance and ease-of-deployment, and only partial benefits in terms of correctness (because the type system is unsound).
AFAIK the Dart team felt this way about optional typing in Dart 1.x, which is why they changed to sound static typing for Dart 2.
Without dependent typing, it's the worst of all worlds anyway. You have to express types, but they aren't expressive enough to not have to also express the same in tests, leaving this weird place where you have to repeat yourself over and over.
That was an okay tradeoff for humans writing code as it enables things like the squiggly line as you type for basic mistakes, automatic refactoring, etc. But that stuff makes no difference to LLMs.