PyPI - safetensors - Versions diffs - 0.4.4rc0__tar.gz → 0.4.6.dev0__tar.gz - Mend

safetensors 0.4.4rc0tar.gz → 0.4.6.dev0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of safetensors might be problematic. Click here for more details.

Files changed (54) hide show

{safetensors-0.4.4rc0 → safetensors-0.4.6.dev0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: safetensors
-Version: 0.4.4rc0
+Version: 0.4.6.dev0
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: Intended Audience :: Education
@@ -20,7 +20,7 @@ Requires-Dist: torch >=1.10 ; extra == 'torch'
 Requires-Dist: safetensors[numpy] ; extra == 'tensorflow'
 Requires-Dist: tensorflow >=2.11.0 ; extra == 'tensorflow'
 Requires-Dist: safetensors[numpy] ; extra == 'pinned-tf'
-Requires-Dist: tensorflow ==2.11.0 ; extra == 'pinned-tf'
+Requires-Dist: tensorflow ==2.18.0 ; extra == 'pinned-tf'
 Requires-Dist: safetensors[numpy] ; extra == 'jax'
 Requires-Dist: flax >=0.6.3 ; extra == 'jax'
 Requires-Dist: jax >=0.3.25 ; extra == 'jax'

{safetensors-0.4.4rc0 → safetensors-0.4.6.dev0}/bindings/python/Cargo.lock RENAMED Viewed

@@ -4,9 +4,9 @@ version = 3
 [[package]]
 name = "autocfg"
-version = "1.3.0"
+version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0"
+checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
 [[package]]
 name = "cfg-if"
@@ -34,15 +34,21 @@ checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
 [[package]]
 name = "libc"
-version = "0.2.155"
+version = "0.2.161"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c"
+checksum = "8e9489c2807c139ffd9c1794f4af0ebe86a828db53ecdc7fea2111d0fed085d1"
+[[package]]
+name = "memchr"
+version = "2.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
 [[package]]
 name = "memmap2"
-version = "0.9.4"
+version = "0.9.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fe751422e4a8caa417e13c3ea66452215d7d63e19e604f4980461212f3ae1322"
+checksum = "fd3f7eed9d3848f8b98834af67102b720745c4ec028fcd0aa0239277e7de374f"
 dependencies = [
  "libc",
 ]
@@ -58,30 +64,30 @@ dependencies = [
 [[package]]
 name = "once_cell"
-version = "1.19.0"
+version = "1.20.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
+checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775"
 [[package]]
 name = "portable-atomic"
-version = "1.6.0"
+version = "1.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7170ef9988bc169ba16dd36a7fa041e5c4cbeb6a35b76d4c03daded371eae7c0"
+checksum = "cc9c68a3f6da06753e9335d63e27f6b9754dd1920d941135b7ea8224f141adb2"
 [[package]]
 name = "proc-macro2"
-version = "1.0.85"
+version = "1.0.89"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23"
+checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e"
 dependencies = [
  "unicode-ident",
 ]
 [[package]]
 name = "pyo3"
-version = "0.22.2"
+version = "0.22.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "831e8e819a138c36e212f3af3fd9eeffed6bf1510a805af35b0edee5ffa59433"
+checksum = "f402062616ab18202ae8319da13fa4279883a2b8a9d9f83f20dbade813ce1884"
 dependencies = [
  "cfg-if",
  "indoc",
@@ -97,9 +103,9 @@ dependencies = [
 [[package]]
 name = "pyo3-build-config"
-version = "0.22.2"
+version = "0.22.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e8730e591b14492a8945cdff32f089250b05f5accecf74aeddf9e8272ce1fa8"
+checksum = "b14b5775b5ff446dd1056212d778012cbe8a0fbffd368029fd9e25b514479c38"
 dependencies = [
  "once_cell",
  "target-lexicon",
@@ -107,9 +113,9 @@ dependencies = [
 [[package]]
 name = "pyo3-ffi"
-version = "0.22.2"
+version = "0.22.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e97e919d2df92eb88ca80a037969f44e5e70356559654962cbb3316d00300c6"
+checksum = "9ab5bcf04a2cdcbb50c7d6105de943f543f9ed92af55818fd17b660390fc8636"
 dependencies = [
  "libc",
  "pyo3-build-config",
@@ -117,9 +123,9 @@ dependencies = [
 [[package]]
 name = "pyo3-macros"
-version = "0.22.2"
+version = "0.22.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eb57983022ad41f9e683a599f2fd13c3664d7063a3ac5714cae4b7bee7d3f206"
+checksum = "0fd24d897903a9e6d80b968368a34e1525aeb719d568dba8b3d4bfa5dc67d453"
 dependencies = [
  "proc-macro2",
  "pyo3-macros-backend",
@@ -129,9 +135,9 @@ dependencies = [
 [[package]]
 name = "pyo3-macros-backend"
-version = "0.22.2"
+version = "0.22.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec480c0c51ddec81019531705acac51bcdbeae563557c982aa8263bb96880372"
+checksum = "36c011a03ba1e50152b4b394b479826cad97e7a21eb52df179cd91ac411cbfbe"
 dependencies = [
  "heck",
  "proc-macro2",
@@ -142,9 +148,9 @@ dependencies = [
 [[package]]
 name = "quote"
-version = "1.0.36"
+version = "1.0.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7"
+checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af"
 dependencies = [
  "proc-macro2",
 ]
@@ -157,7 +163,7 @@ checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
 [[package]]
 name = "safetensors"
-version = "0.4.4-rc.0"
+version = "0.4.6-dev.0"
 dependencies = [
  "serde",
  "serde_json",
@@ -165,7 +171,7 @@ dependencies = [
 [[package]]
 name = "safetensors-python"
-version = "0.4.4-rc.0"
+version = "0.4.6-dev.0"
 dependencies = [
  "memmap2",
  "pyo3",
@@ -175,18 +181,18 @@ dependencies = [
 [[package]]
 name = "serde"
-version = "1.0.203"
+version = "1.0.214"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094"
+checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5"
 dependencies = [
  "serde_derive",
 ]
 [[package]]
 name = "serde_derive"
-version = "1.0.203"
+version = "1.0.214"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba"
+checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -195,20 +201,21 @@ dependencies = [
 [[package]]
 name = "serde_json"
-version = "1.0.117"
+version = "1.0.132"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3"
+checksum = "d726bfaff4b320266d395898905d0eba0345aae23b54aee3a737e260fd46db03"
 dependencies = [
  "itoa",
+ "memchr",
  "ryu",
  "serde",
 ]
 [[package]]
 name = "syn"
-version = "2.0.66"
+version = "2.0.87"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5"
+checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -217,15 +224,15 @@ dependencies = [
 [[package]]
 name = "target-lexicon"
-version = "0.12.14"
+version = "0.12.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1fc403891a21bcfb7c37834ba66a547a8f402146eba7265b5a6d88059c9ff2f"
+checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1"
 [[package]]
 name = "unicode-ident"
-version = "1.0.12"
+version = "1.0.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
+checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe"
 [[package]]
 name = "unindent"

{safetensors-0.4.4rc0 → safetensors-0.4.6.dev0}/bindings/python/Cargo.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [package]
 name = "safetensors-python"
-version = "0.4.4-rc.0"
+version = "0.4.6-dev.0"
 edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@@ -9,7 +9,7 @@ name = "safetensors_rust"
 crate-type = ["cdylib"]
 [dependencies]
-pyo3 = { version = "0.22" }
+pyo3 = { version = "0.22", features = ["abi3", "abi3-py38"] }
 memmap2 = "0.9"
 serde_json = "1.0"

safetensors-0.4.6.dev0/bindings/python/README.md ADDED Viewed

@@ -0,0 +1,60 @@
+## Installation
+```
+pip install safetensors
+```
+## Usage
+### Numpy
+```python
+from safetensors.numpy import save_file, load_file
+import numpy as np
+tensors = {
+   "a": np.zeros((2, 2)),
+   "b": np.zeros((2, 3), dtype=np.uint8)
+}
+save_file(tensors, "./model.safetensors")
+# Now loading
+loaded = load_file("./model.safetensors")
+```
+### Torch
+```python
+from safetensors.torch import save_file, load_file
+import torch
+tensors = {
+   "a": torch.zeros((2, 2)),
+   "b": torch.zeros((2, 3), dtype=torch.uint8)
+}
+save_file(tensors, "./model.safetensors")
+# Now loading
+loaded = load_file("./model.safetensors")
+```
+### Developing
+```
+# inside ./safetensors/bindings/python
+pip install .[dev]
+```
+Should be enough to install this library locally.
+### Testing
+```
+# inside ./safetensors/bindings/python
+pip install .[dev]
+pytest -sv tests/
+```

{safetensors-0.4.4rc0 → safetensors-0.4.6.dev0}/bindings/python/convert_all.py RENAMED Viewed

@@ -16,7 +16,7 @@ if __name__ == "__main__":
     correct = 0
     errors = set()
     for model in models:
-        model = api.model_info(model.modelId, files_metadata=True)
+        model = api.model_info(model.id, files_metadata=True)
         size = None
         for sibling in model.siblings:
             if sibling.rfilename == "pytorch_model.bin":

{safetensors-0.4.4rc0 → safetensors-0.4.6.dev0/bindings/python}/py_src/safetensors/__init__.pyi RENAMED Viewed

@@ -62,7 +62,7 @@ class safe_open:
             The filename to open
         framework (:obj:`str`):
-            The framework you want you tensors in. Supported values:
+            The framework you want your tensors in. Supported values:
             `pt`, `tf`, `flax`, `numpy`.
         device (:obj:`str`, defaults to :obj:`"cpu"`):

{safetensors-0.4.4rc0 → safetensors-0.4.6.dev0}/bindings/python/src/lib.rs RENAMED Viewed

@@ -5,8 +5,7 @@ use pyo3::exceptions::{PyException, PyFileNotFoundError};
 use pyo3::prelude::*;
 use pyo3::sync::GILOnceCell;
 use pyo3::types::IntoPyDict;
-use pyo3::types::PySlice;
-use pyo3::types::{PyByteArray, PyBytes, PyDict, PyList};
+use pyo3::types::{PyByteArray, PyBytes, PyDict, PyList, PySlice};
 use pyo3::Bound as PyBound;
 use pyo3::{intern, PyErr};
 use safetensors::slice::TensorIndexer;
@@ -65,8 +64,8 @@ fn prepare(tensor_dict: HashMap<String, PyBound<PyDict>>) -> PyResult<HashMap<St
         let pydtype = tensor_desc.get_item("dtype")?.ok_or_else(|| {
             SafetensorError::new_err(format!("Missing `dtype` in {tensor_desc:?}"))
         })?;
-        let dtype: &str = pydtype.extract()?;
-        let dtype = match dtype {
+        let dtype: String = pydtype.extract()?;
+        let dtype = match dtype.as_ref() {
             "bool" => Dtype::BOOL,
             "int8" => Dtype::I8,
             "uint8" => Dtype::U8,
@@ -842,10 +841,27 @@ impl PySafeSlice {
     pub fn __getitem__(&self, slices: &PyBound<'_, PyAny>) -> PyResult<PyObject> {
         match &self.storage.as_ref() {
             Storage::Mmap(mmap) => {
-                let slices: Slice = slices.extract()?;
+                let pyslices = slices;
+                let slices: Slice = pyslices.extract()?;
+                let is_list = pyslices.is_instance_of::<PyList>();
                 let slices: Vec<SliceIndex> = match slices {
                     Slice::Slice(slice) => vec![slice],
-                    Slice::Slices(slices) => slices,
+                    Slice::Slices(slices) => {
+                        if slices.is_empty() && is_list {
+                            vec![SliceIndex::Slice(PySlice::new_bound(
+                                pyslices.py(),
+                                0,
+                                0,
+                                0,
+                            ))]
+                        } else if is_list {
+                            return Err(SafetensorError::new_err(
+                                "Non empty lists are not implemented",
+                            ));
+                        } else {
+                            slices
+                        }
+                    }
                 };
                 let data = &mmap[self.info.data_offsets.0 + self.offset
                     ..self.info.data_offsets.1 + self.offset];

{safetensors-0.4.4rc0 → safetensors-0.4.6.dev0}/bindings/python/tests/test_simple.py RENAMED Viewed

@@ -246,6 +246,10 @@ class ReadmeTestCase(unittest.TestCase):
             self.assertEqual(list(tensor.shape), [10, 5])
             torch.testing.assert_close(tensor, A)
+            tensor = slice_[tuple()]
+            self.assertEqual(list(tensor.shape), [10, 5])
+            torch.testing.assert_close(tensor, A)
             tensor = slice_[:2]
             self.assertEqual(list(tensor.shape), [2, 5])
             torch.testing.assert_close(tensor, A[:2])
@@ -270,6 +274,10 @@ class ReadmeTestCase(unittest.TestCase):
             self.assertEqual(list(tensor.shape), [8])
             torch.testing.assert_close(tensor, A[2:, -1])
+            tensor = slice_[list()]
+            self.assertEqual(list(tensor.shape), [0, 5])
+            torch.testing.assert_close(tensor, A[list()])
     def test_numpy_slice(self):
         A = np.random.rand(10, 5)
         tensors = {
@@ -284,6 +292,10 @@ class ReadmeTestCase(unittest.TestCase):
             self.assertEqual(list(tensor.shape), [10, 5])
             self.assertTrue(np.allclose(tensor, A))
+            tensor = slice_[tuple()]
+            self.assertEqual(list(tensor.shape), [10, 5])
+            self.assertTrue(np.allclose(tensor, A))
             tensor = slice_[:2]
             self.assertEqual(list(tensor.shape), [2, 5])
             self.assertTrue(np.allclose(tensor, A[:2]))
@@ -312,10 +324,18 @@ class ReadmeTestCase(unittest.TestCase):
             self.assertEqual(list(tensor.shape), [8])
             self.assertTrue(np.allclose(tensor, A[2:, -5]))
+            tensor = slice_[list()]
+            self.assertEqual(list(tensor.shape), [0, 5])
+            self.assertTrue(np.allclose(tensor, A[list()]))
             with self.assertRaises(SafetensorError) as cm:
                 tensor = slice_[2:, -6]
             self.assertEqual(str(cm.exception), "Invalid index -6 for dimension 1 of size 5")
+            with self.assertRaises(SafetensorError) as cm:
+                tensor = slice_[[0, 1]]
+            self.assertEqual(str(cm.exception), "Non empty lists are not implemented")
             with self.assertRaises(SafetensorError) as cm:
                 tensor = slice_[2:, 20]
             self.assertEqual(

{safetensors-0.4.4rc0/bindings/python → safetensors-0.4.6.dev0}/py_src/safetensors/__init__.pyi RENAMED Viewed

@@ -62,7 +62,7 @@ class safe_open:
             The filename to open
         framework (:obj:`str`):
-            The framework you want you tensors in. Supported values:
+            The framework you want your tensors in. Supported values:
             `pt`, `tf`, `flax`, `numpy`.
         device (:obj:`str`, defaults to :obj:`"cpu"`):

{safetensors-0.4.4rc0 → safetensors-0.4.6.dev0}/pyproject.toml RENAMED Viewed

@@ -42,7 +42,7 @@ tensorflow = [
 # pinning tf version 2.11.0 for doc-builder
 pinned-tf = [
     "safetensors[numpy]",
-    "tensorflow==2.11.0",
+    "tensorflow==2.18.0",
 ]
 jax = [
     "safetensors[numpy]",

{safetensors-0.4.4rc0 → safetensors-0.4.6.dev0}/safetensors/Cargo.toml RENAMED Viewed

@@ -1,13 +1,13 @@
 [package]
 name = "safetensors"
-version = "0.4.4-rc.0"
+version = "0.4.6-dev.0"
 edition = "2021"
 homepage = "https://github.com/huggingface/safetensors"
 repository = "https://github.com/huggingface/safetensors"
 documentation = "https://docs.rs/safetensors/"
 license = "Apache-2.0"
 keywords = ["safetensors", "huggingface", "Tensors", "Pytorch", "Tensorflow"]
-readme = "./README.md"
+readme = "README.md"
 description = """
 Provides functions to read and write safetensors which aim to be safer than
 their PyTorch counterpart.

{safetensors-0.4.4rc0 → safetensors-0.4.6.dev0}/safetensors/src/tensor.rs RENAMED Viewed

@@ -345,10 +345,10 @@ impl<'data> SafeTensors<'data> {
         Ok(Self { metadata, data })
     }
-    /// Allow the user to iterate over tensors within the SafeTensors.
+    /// Returns the tensors contained within the SafeTensors.
     /// The tensors returned are merely views and the data is not owned by this
     /// structure.
-    pub fn tensors(&self) -> Vec<(String, TensorView<'_>)> {
+    pub fn tensors(&self) -> Vec<(String, TensorView<'data>)> {
         let mut tensors = Vec::with_capacity(self.metadata.index_map.len());
         for (name, &index) in &self.metadata.index_map {
             let info = &self.metadata.tensors[index];
@@ -362,10 +362,27 @@ impl<'data> SafeTensors<'data> {
         tensors
     }
+    /// Returns an iterator over the tensors contained within the SafeTensors.
+    /// The tensors returned are merely views and the data is not owned by this
+    /// structure.
+    pub fn iter<'a>(&'a self) -> impl Iterator<Item = (&'a str, TensorView<'data>)> {
+        self.metadata.index_map.iter().map(|(name, &idx)| {
+            let info = &self.metadata.tensors[idx];
+            (
+                name.as_str(),
+                TensorView {
+                    dtype: info.dtype,
+                    shape: info.shape.clone(),
+                    data: &self.data[info.data_offsets.0..info.data_offsets.1],
+                },
+            )
+        })
+    }
     /// Allow the user to get a specific tensor within the SafeTensors.
     /// The tensor returned is merely a view and the data is not owned by this
     /// structure.
-    pub fn tensor(&self, tensor_name: &str) -> Result<TensorView<'_>, SafeTensorError> {
+    pub fn tensor(&self, tensor_name: &str) -> Result<TensorView<'data>, SafeTensorError> {
         if let Some(index) = &self.metadata.index_map.get(tensor_name) {
             if let Some(info) = &self.metadata.tensors.get(**index) {
                 Ok(TensorView {
@@ -541,7 +558,7 @@ impl Metadata {
 /// A view of a Tensor within the file.
 /// Contains references to data within the full byte-buffer
 /// And is thus a readable view of a single tensor
-#[derive(Debug, PartialEq, Eq)]
+#[derive(Debug, PartialEq, Eq, Clone)]
 pub struct TensorView<'data> {
     dtype: Dtype,
     shape: Vec<usize>,
@@ -1038,6 +1055,21 @@ mod tests {
         assert_eq!(tensor.data(), b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
     }
+    #[test]
+    fn test_lifetimes() {
+        let serialized = b"<\x00\x00\x00\x00\x00\x00\x00{\"test\":{\"dtype\":\"I32\",\"shape\":[2,2],\"data_offsets\":[0,16]}}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
+        let tensor = {
+            let loaded = SafeTensors::deserialize(serialized).unwrap();
+            loaded.tensor("test").unwrap()
+        };
+        assert_eq!(tensor.shape(), vec![2, 2]);
+        assert_eq!(tensor.dtype(), Dtype::I32);
+        // 16 bytes
+        assert_eq!(tensor.data(), b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
+    }
     #[test]
     fn test_json_attack() {
         let mut tensors = HashMap::new();

safetensors-0.4.4rc0/safetensors/README.md DELETED Viewed

@@ -1,193 +0,0 @@
-<p align="center">
-  <picture>
-    <source media="(prefers-color-scheme: dark)" srcset="https://huggingface.co/datasets/safetensors/assets/raw/main/banner-dark.svg">
-    <source media="(prefers-color-scheme: light)" srcset="https://huggingface.co/datasets/safetensors/assets/raw/main/banner-light.svg">
-    <img alt="Hugging Face Safetensors Library" src="https://huggingface.co/datasets/safetensors/assets/raw/main/banner-light.svg" style="max-width: 100%;">
-  </picture>
-  <br/>
-  <br/>
-</p>
-Python
-[![Pypi](https://img.shields.io/pypi/v/safetensors.svg)](https://pypi.org/pypi/safetensors/)
-[![Documentation](https://img.shields.io/website/http/huggingface.co/docs/safetensors/index.svg?label=docs)](https://huggingface.co/docs/safetensors/index)
-[![Codecov](https://codecov.io/github/huggingface/safetensors/coverage.svg?branch=main)](https://codecov.io/gh/huggingface/safetensors)
-[![Downloads](https://static.pepy.tech/badge/safetensors/month)](https://pepy.tech/project/safetensors)
-Rust
-[![Crates.io](https://img.shields.io/crates/v/safetensors.svg)](https://crates.io/crates/safetensors)
-[![Documentation](https://docs.rs/safetensors/badge.svg)](https://docs.rs/safetensors/)
-[![Codecov](https://codecov.io/github/huggingface/safetensors/coverage.svg?branch=main)](https://codecov.io/gh/huggingface/safetensors)
-[![Dependency status](https://deps.rs/repo/github/huggingface/safetensors/status.svg?path=safetensors)](https://deps.rs/repo/github/huggingface/safetensors?path=safetensors)
-# safetensors
-## Safetensors
-This repository implements a new simple format for storing tensors
-safely (as opposed to pickle) and that is still fast (zero-copy).
-### Installation
-#### Pip
-You can install safetensors via the pip manager:
-```bash
-pip install safetensors
-```
-#### From source
-For the sources, you need Rust
-```bash
-# Install Rust
-curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
-# Make sure it's up to date and using stable channel
-rustup update
-git clone https://github.com/huggingface/safetensors
-cd safetensors/bindings/python
-pip install setuptools_rust
-pip install -e .
-```
-### Getting started
-```python
-import torch
-from safetensors import safe_open
-from safetensors.torch import save_file
-tensors = {
-   "weight1": torch.zeros((1024, 1024)),
-   "weight2": torch.zeros((1024, 1024))
-}
-save_file(tensors, "model.safetensors")
-tensors = {}
-with safe_open("model.safetensors", framework="pt", device="cpu") as f:
-   for key in f.keys():
-       tensors[key] = f.get_tensor(key)
-```
-[Python documentation](https://huggingface.co/docs/safetensors/index)
-### Format
-- 8 bytes: `N`, an unsigned little-endian 64-bit integer, containing the size of the header
-- N bytes: a JSON UTF-8 string representing the header.
-  - The header data MUST begin with a `{` character (0x7B).
-  - The header data MAY be trailing padded with whitespace (0x20).
-  - The header is a dict like `{"TENSOR_NAME": {"dtype": "F16", "shape": [1, 16, 256], "data_offsets": [BEGIN, END]}, "NEXT_TENSOR_NAME": {...}, ...}`,
-    - `data_offsets` point to the tensor data relative to the beginning of the byte buffer (i.e. not an absolute position in the file),
-      with `BEGIN` as the starting offset and `END` as the one-past offset (so total tensor byte size = `END - BEGIN`).
-  - A special key `__metadata__` is allowed to contain free form string-to-string map. Arbitrary JSON is not allowed, all values must be strings.
-- Rest of the file: byte-buffer.
-Notes:
- - Duplicate keys are disallowed. Not all parsers may respect this.
- - In general the subset of JSON is implicitly decided by `serde_json` for
-   this library. Anything obscure might be modified at a later time, that odd ways
-   to represent integer, newlines and escapes in utf-8 strings. This would only
-   be done for safety concerns
- - Tensor values are not checked against, in particular NaN and +/-Inf could
-   be in the file
- - Empty tensors (tensors with 1 dimension being 0) are allowed.
-   They are not storing any data in the databuffer, yet retaining size in the header.
-   They don't really bring a lot of values but are accepted since they are valid tensors
-   from traditional tensor libraries perspective (torch, tensorflow, numpy, ..).
- - 0-rank Tensors (tensors with shape `[]`) are allowed, they are merely a scalar.
- - The byte buffer needs to be entirely indexed, and cannot contain holes. This prevents
-   the creation of polyglot files.
- - Endianness: Little-endian.
-   moment.
- - Order: 'C' or row-major.
-### Yet another format ?
-The main rationale for this crate is to remove the need to use
-`pickle` on `PyTorch` which is used by default.
-There are other formats out there used by machine learning and more general
-formats.
-Let's take a look at alternatives and why this format is deemed interesting.
-This is my very personal and probably biased view:
-| Format                  | Safe | Zero-copy | Lazy loading | No file size limit | Layout control | Flexibility | Bfloat16/Fp8
-| ----------------------- | --- | --- | --- | --- | --- | --- | --- |
-| pickle (PyTorch)        | ✗ | ✗ | ✗ | 🗸 | ✗ | 🗸 | 🗸 |
-| H5 (Tensorflow)         | 🗸 | ✗ | 🗸 | 🗸 | ~ | ~ | ✗ |
-| SavedModel (Tensorflow) | 🗸 | ✗ | ✗ | 🗸 | 🗸 | ✗ | 🗸 |
-| MsgPack (flax)          | 🗸 | 🗸 | ✗ | 🗸 | ✗ | ✗ | 🗸 |
-| Protobuf (ONNX)         | 🗸 | ✗ | ✗ | ✗ | ✗ | ✗ | 🗸 |
-| Cap'n'Proto             | 🗸 | 🗸 | ~ | 🗸 | 🗸 | ~ | ✗ |
-| Arrow                   | ? | ? | ? | ? | ? | ? | ✗ |
-| Numpy (npy,npz)         | 🗸 | ? | ? | ✗ | 🗸 | ✗ | ✗ |
-| pdparams (Paddle)       | ✗ | ✗ | ✗ | 🗸 | ✗ | 🗸 | 🗸 |
-| SafeTensors             | 🗸 | 🗸 | 🗸 | 🗸 | 🗸 | ✗ | 🗸 |
-- Safe: Can I use a file randomly downloaded and expect not to run arbitrary code ?
-- Zero-copy: Does reading the file require more memory than the original file ?
-- Lazy loading: Can I inspect the file without loading everything ? And loading only
-  some tensors in it without scanning the whole file (distributed setting) ?
-- Layout control: Lazy loading, is not necessarily enough since if the information about tensors is spread out in your file, then even if the information is lazily accessible you might have to access most of your file to read the available tensors (incurring many DISK -> RAM copies). Controlling the layout to keep fast access to single tensors is important.
-- No file size limit: Is there a limit to the file size ?
-- Flexibility: Can I save custom code in the format and be able to use it later with zero extra code ? (~ means we can store more than pure tensors, but no custom code)
-- Bfloat16/Fp8: Does the format support native bfloat16/fp8 (meaning no weird workarounds are
-  necessary)? This is becoming increasingly important in the ML world.
-### Main oppositions
-- Pickle: Unsafe, runs arbitrary code
-- H5: Apparently now discouraged for TF/Keras. Seems like a great fit otherwise actually. Some classic use after free issues: <https://www.cvedetails.com/vulnerability-list/vendor_id-15991/product_id-35054/Hdfgroup-Hdf5.html>. On a very different level than pickle security-wise. Also 210k lines of code vs ~400 lines for this lib currently.
-- SavedModel: Tensorflow specific (it contains TF graph information).
-- MsgPack: No layout control to enable lazy loading (important for loading specific parts in distributed setting)
-- Protobuf: Hard 2Go max file size limit
-- Cap'n'proto: Float16 support is not present [link](https://capnproto.org/language.html#built-in-types) so using a manual wrapper over a byte-buffer would be necessary. Layout control seems possible but not trivial as buffers have limitations [link](https://stackoverflow.com/questions/48458839/capnproto-maximum-filesize).
-- Numpy (npz): No `bfloat16` support. Vulnerable to zip bombs (DOS). Not zero-copy.
-- Arrow: No `bfloat16` support.
-### Notes
-- Zero-copy: No format is really zero-copy in ML, it needs to go from disk to RAM/GPU RAM (that takes time). On CPU, if the file is already in cache, then it can
-  truly be zero-copy, whereas on GPU there is not such disk cache, so a copy is always required
-  but you can bypass allocating all the tensors on CPU at any given point.
-  SafeTensors is not zero-copy for the header. The choice of JSON is pretty arbitrary, but since deserialization is <<< of the time required to load the actual tensor data and is readable I went that way, (also space is <<< to the tensor data).
-- Endianness: Little-endian. This can be modified later, but it feels really unnecessary at the
-  moment.
-- Order: 'C' or row-major. This seems to have won. We can add that information later if needed.
-- Stride: No striding, all tensors need to be packed before being serialized. I have yet to see a case where it seems useful to have a strided tensor stored in serialized format.
-### Benefits
-Since we can invent a new format we can propose additional benefits:
-- Prevent DOS attacks: We can craft the format in such a way that it's almost
-  impossible to use malicious files to DOS attack a user. Currently, there's a limit
-  on the size of the header of 100MB to prevent parsing extremely large JSON.
-  Also when reading the file, there's a guarantee that addresses in the file
-  do not overlap in any way, meaning when you're loading a file you should never
-  exceed the size of the file in memory
-- Faster load: PyTorch seems to be the fastest file to load out in the major
-  ML formats. However, it does seem to have an extra copy on CPU, which we
-  can bypass in this lib by using `torch.UntypedStorage.from_file`.
-  Currently, CPU loading times are extremely fast with this lib compared to pickle.
-  GPU loading times are as fast or faster than PyTorch equivalent.
-  Loading first on CPU with memmapping with torch, and then moving all tensors to GPU seems
-  to be faster too somehow (similar behavior in torch pickle)
-- Lazy loading: in distributed (multi-node or multi-gpu) settings, it's nice to be able to
-  load only part of the tensors on the various models. For
-  [BLOOM](https://huggingface.co/bigscience/bloom) using this format enabled
-  to load the model on 8 GPUs from 10mn with regular PyTorch weights down to 45s.
-  This really speeds up feedbacks loops when developing on the model. For instance
-  you don't have to have separate copies of the weights when changing the distribution
-  strategy (for instance Pipeline Parallelism vs Tensor Parallelism).
-License: Apache-2.0