Transformers is open-source software that is tightly coupled to the Hugging Face Hub. While you have the ability to use it offline with pre-downloaded model weights, it provides a very simple way to download, use, and manage models locally.
When downloading artefacts that have been uploaded by others on any platform, you expose yourself to risks. Please read below for the security recommendations in order to keep your runtime and local environment safe.
Models uploaded on the Hugging Face Hub come in different formats. We heavily recommend uploading and downloading
models in the safetensors format (which is the default prioritized
by the transformers library), as developed specifically to prevent arbitrary code execution on your system.
To avoid loading models from unsafe formats(e.g. pickle, you should use the use_safetensors parameter. If doing so, in the event that no .safetensors file is present, transformers will error when loading the model.
Transformers supports many model architectures, but is also the bridge between your Python runtime and models that are stored in model repositories on the Hugging Face Hub.
These models require the trust_remote_code=True parameter to be set when using them; please always verify
the content of the modeling files when using this argument. We recommend setting a revision in order to ensure you
protect yourself from updates on the repository.
Feel free to submit vulnerability reports to [email protected], where someone from the HF security team will review and recommend next steps. If reporting a vulnerability specific to open source, please note Huntr is a vulnerability disclosure program for open source software.