Safetensors is Joining the PyTorch Foundation


By AI Maestro, May 12, 2026 (2 min read)

Safetensors Joins PyTorch Foundation

How We Got Here

Safetensors began as a Hugging Face project driven by a practical need: an efficient way to store and distribute model weights without the risk of running unauthorized code. At the time, popular formats like pickle were widely used but posed security risks, since loading a pickle can execute arbitrary code embedded in it. As machine learning became more integral to the community, ensuring that models could be safely shared became paramount.

The format we developed is intentionally simple: a JSON header describing each tensor's metadata, followed by the raw tensor data. Lazy loading lets a reader fetch individual weights without deserializing the entire checkpoint. While this was initially seen as a viable solution to one problem, its adoption grew beyond our expectations, and it became the default format for model distribution across Hugging Face's platform and others.
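To make the "simple by design" point concrete, here is an added example (not code from the safetensors project) that writes and reads the on-disk layout the paragraph describes: an 8-byte little-endian length, a JSON header mapping tensor names to dtype, shape and byte offsets, then the raw buffer. The layout is the real one; the dtype table, the header-size cap, the 8-byte padding and the function names are this example's own choices. The parser uses only `json` and `struct`, so a hostile header can make it raise, never execute, which is exactly the property pickle lacks; `load_tensor` slices one tensor's span to show how lazy loading works.

```python
import json
import struct
from typing import Dict, List, Tuple

HEADER_LEN_BYTES = 8                    # u64 little-endian length prefix (part of the format)
MAX_HEADER_BYTES = 100 * 1024 * 1024    # example's own cap: refuse absurd sizes before allocating
ALIGN = 8                               # example's own choice: pad header so data is 8-byte aligned

# dtype -> (byte width, struct code). A subset chosen for this example.
DTYPES = {"F32": (4, "f"), "F64": (8, "d"), "I64": (8, "q"), "I32": (4, "i"), "U8": (1, "B")}

# In this example a tensor is (dtype, shape, raw little-endian bytes).
Tensor = Tuple[str, List[int], bytes]


def serialize(tensors: Dict[str, Tensor], metadata: Dict[str, str] = None) -> bytes:
    """Build a blob: <u64 header length><JSON header><contiguous byte buffer>."""
    header: Dict[str, object] = {}
    body = bytearray()
    for name, (dtype, shape, raw) in sorted(tensors.items()):
        begin = len(body)
        body += raw
        header[name] = {"dtype": dtype, "shape": shape, "data_offsets": [begin, len(body)]}
    if metadata:
        header["__metadata__"] = metadata
    header_bytes = json.dumps(header, separators=(",", ":")).encode("utf-8")
    header_bytes += b" " * ((-len(header_bytes)) % ALIGN)  # JSON ignores trailing spaces
    return struct.pack("<Q", len(header_bytes)) + header_bytes + bytes(body)


def read_header(blob: bytes) -> Tuple[dict, int]:
    """Parse and validate the header without touching tensor data.

    Returns (header, data_start). Every declared offset is checked against the
    real buffer length and against dtype*shape, so a crafted header can at
    worst raise ValueError; it is data, never code.
    """
    if len(blob) < HEADER_LEN_BYTES:
        raise ValueError("file shorter than the 8-byte length prefix")
    (n,) = struct.unpack("<Q", blob[:HEADER_LEN_BYTES])
    if n > MAX_HEADER_BYTES:
        raise ValueError("header length %d exceeds cap" % n)
    data_start = HEADER_LEN_BYTES + n
    if data_start > len(blob):
        raise ValueError("header runs past end of file")
    header = json.loads(blob[HEADER_LEN_BYTES:data_start].decode("utf-8"))
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    buf_len = len(blob) - data_start
    for name, info in header.items():
        if name == "__metadata__":
            continue
        dtype, shape, (begin, end) = info["dtype"], info["shape"], info["data_offsets"]
        if dtype not in DTYPES:
            raise ValueError("unsupported dtype %r for %s" % (dtype, name))
        if not (0 <= begin <= end <= buf_len):
            raise ValueError("data_offsets of %s fall outside the buffer" % name)
        nelem = 1
        for d in shape:
            if not isinstance(d, int) or d < 0:
                raise ValueError("bad shape for %s" % name)
            nelem *= d
        if end - begin != nelem * DTYPES[dtype][0]:
            raise ValueError("byte span of %s does not match dtype*shape" % name)
    return header, data_start


def load_tensor(blob: bytes, name: str) -> Tuple[List, List[int]]:
    """Lazy load: decode only the named tensor's byte span; the rest is never read."""
    header, data_start = read_header(blob)
    info = header[name]
    begin, end = info["data_offsets"]
    width, code = DTYPES[info["dtype"]]
    raw = blob[data_start + begin : data_start + end]
    values = list(struct.unpack("<%d%s" % ((end - begin) // width, code), raw))
    return values, info["shape"]


def is_well_formed(blob: bytes) -> bool:
    """True if the header parses and every offset is consistent with the file."""
    try:
        read_header(blob)
        return True
    except (ValueError, KeyError, TypeError, UnicodeDecodeError):
        return False


# Constructed sample checkpoint: a 2x2 float32 weight and an int64 bias.
SAMPLE = serialize(
    {
        "w": ("F32", [2, 2], struct.pack("<4f", 1.0, 2.0, 3.0, 4.0)),
        "b": ("I64", [2], struct.pack("<2q", 7, -1)),
    },
    metadata={"format": "example"},
)

if __name__ == "__main__":
    print(load_tensor(SAMPLE, "w"))       # ([1.0, 2.0, 3.0, 4.0], [2, 2])
    print(is_well_formed(SAMPLE[:-1]))   # False: last byte of "w" is missing
```

Running it shows the two properties the paragraph relies on: a single tensor comes back from its offsets without the rest of the file being decoded, and a truncated or offset-tampered file is rejected at header validation, before any data is touched.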

Why PyTorch Foundation

We aim to ensure Safetensors truly belongs to the community. By bringing more companies and contributors into the project's governance, we make sure that its evolution reflects the broad range of interests within that community. Joining the PyTorch Foundation means Safetensors now has a neutral home under the Linux Foundation, where no single entity can dictate its development. Hugging Face's core maintainers, Luc and Daniel, continue to guide the project but no longer have exclusive control over its future.

Ensuring safety is best achieved when every participant can contribute; this principle is now embedded in the project’s governance.

What This Means for Users and Contributors

No changes to existing users are expected. Models stored in Safetensors format continue to function as before. For contributors, there is now a formal path to becoming a maintainer documented in the repository’s governance documents.

Next Steps

Safetensors has already established itself as an essential part of the machine learning ecosystem, but we believe its potential lies ahead.

We are collaborating with PyTorch to integrate Safetensors into PyTorch core, enabling torch models to be serialized and deserialized using this format. This integration will pave the way for features like device-aware loading, support for tensor parallelism and pipeline parallelism, and advanced quantization methods such as FP8, GPTQ, and AWQ.

As these advancements occur within the PyTorch Foundation’s umbrella, we can work collaboratively with other projects to ensure a cohesive and forward-looking ecosystem. The foundation provides a stable, community-driven environment for Safetensors’ continued growth.

Get Involved

If you’re a developer, researcher, or organization that builds on Safetensors and wishes to participate in shaping its future, we encourage engagement through issues, discussions, or direct communication with the maintainers.

Key Takeaways

  • Safetensors has been adopted as the default format for model distribution across Hugging Face and other platforms.
  • The project now has a neutral governance structure under the Linux Foundation, ensuring that its development reflects the interests of the broader community.
  • Integration with PyTorch core is underway to enhance the utility and compatibility of Safetensors for machine learning models.
