Safetensors is Joining the PyTorch Foundation
Today, we’re announcing that Safetensors has joined the PyTorch Foundation as a foundation-hosted project under the Linux Foundation, alongside DeepSpeed, Helion, Ray, vLLM, and PyTorch itself.
How we got here
Safetensors started as a Hugging Face project born out of a concrete need: a way to store and share model weights that cannot execute arbitrary code. The pickle-based formats that dominated the ecosystem at the time are deserialized by running whatever the file tells the unpickler to call, so loading a checkpoint from an untrusted source carried a very real risk of running malicious code. That was a tolerable risk while ML was still a small field; it became unacceptable once open model sharing became central to how the ML community works.
The format we built is intentionally simple: a JSON header with a hard limit of 100MB, describing tensor
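As an added example (not code from this post or from the Safetensors project), here is a minimal pure-Python writer and parser for the format described above, written to show the security-relevant property: every step is a bounds check on data, the header-size limit is enforced before any JSON is parsed, and nothing read from the file is ever executed. The 8-byte little-endian length prefix, the per-tensor `dtype`/`shape`/`data_offsets` keys and the `__metadata__` map are taken from the published format rather than from this excerpt; the helper names (`serialize`, `parse`, `rejects`, `with_header_length`, `with_offsets`), the dtype table and the sample identity matrix are constructed for this illustration.

```python
import json
import math
import struct

# The page gives a hard limit of 100MB on the JSON header; the exact byte value
# used here is an assumption for this example.
MAX_HEADER_SIZE = 100_000_000
# Bytes per element for a few dtype tags (assumed subset; the format has more).
DTYPE_SIZES = {"F32": 4, "F16": 2, "BF16": 2, "I64": 8, "I32": 4, "U8": 1}


class SafetensorsError(ValueError):
    """A blob violates the format's structural rules."""


def _is_uint(x):  # bool is a subclass of int, so reject it explicitly
    return isinstance(x, int) and not isinstance(x, bool) and x >= 0


def serialize(tensors, metadata=None):
    """Encode {name: (dtype, shape, raw_bytes)} as a blob. Assumed layout, from the
    published format rather than this page: 8-byte little-endian u64 header
    length | UTF-8 JSON header | raw tensor bytes."""
    header, buf = {}, bytearray()
    for name, (dtype, shape, raw) in tensors.items():
        if len(raw) != math.prod(shape) * DTYPE_SIZES[dtype]:
            raise ValueError(f"{name}: byte length does not match dtype*shape")
        begin = len(buf)
        buf += raw
        header[name] = {"dtype": dtype, "shape": list(shape),
                        "data_offsets": [begin, len(buf)]}
    if metadata is not None:
        header["__metadata__"] = dict(metadata)
    hdr = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hdr)) + hdr + bytes(buf)


def parse(blob):
    """Decode a blob into ({name: (dtype, shape, raw_bytes)}, metadata). Every
    step is a bounds check on data; nothing read from the file is executed."""
    if len(blob) < 8:
        raise SafetensorsError("shorter than the 8-byte length prefix")
    (hdr_len,) = struct.unpack("<Q", blob[:8])
    # The size limit is enforced before any JSON is parsed or memory allocated.
    if hdr_len > MAX_HEADER_SIZE:
        raise SafetensorsError(f"header length {hdr_len} exceeds {MAX_HEADER_SIZE}")
    if 8 + hdr_len > len(blob):
        raise SafetensorsError("header length runs past end of file")
    try:
        header = json.loads(blob[8:8 + hdr_len].decode("utf-8"))
    except ValueError as e:  # UnicodeDecodeError and JSONDecodeError both qualify
        raise SafetensorsError(f"header is not valid UTF-8 JSON: {e}") from e
    if not isinstance(header, dict):
        raise SafetensorsError("header must be a JSON object")
    metadata = header.get("__metadata__")
    if metadata is not None and not isinstance(metadata, dict):
        raise SafetensorsError("__metadata__ must be a JSON object")
    data = blob[8 + hdr_len:]
    tensors = {}
    for name, info in header.items():
        if name == "__metadata__":
            continue
        if not isinstance(info, dict):
            raise SafetensorsError(f"{name}: tensor entry must be an object")
        dtype, shape, offs = info.get("dtype"), info.get("shape"), info.get("data_offsets")
        if dtype not in DTYPE_SIZES:
            raise SafetensorsError(f"{name}: unknown dtype {dtype!r}")
        if not (isinstance(shape, list) and all(_is_uint(d) for d in shape)):
            raise SafetensorsError(f"{name}: shape must be a list of non-negative ints")
        if not (isinstance(offs, list) and len(offs) == 2 and all(_is_uint(o) for o in offs)):
            raise SafetensorsError(f"{name}: data_offsets must be [begin, end]")
        begin, end = offs
        if not begin <= end <= len(data):
            raise SafetensorsError(f"{name}: data_offsets {offs} out of bounds")
        if end - begin != math.prod(shape) * DTYPE_SIZES[dtype]:
            raise SafetensorsError(f"{name}: span does not match dtype*shape")
        tensors[name] = (dtype, tuple(shape), bytes(data[begin:end]))
    return tensors, metadata


def rejects(blob):
    """Return the rejection reason for a malformed blob, or None if it parses."""
    try:
        parse(blob)
    except SafetensorsError as e:
        return str(e)
    return None


def with_header_length(blob, claimed):
    """Rewrite the length prefix to a lie, to exercise the size checks."""
    return struct.pack("<Q", claimed) + blob[8:]


def with_offsets(blob, name, begin, end):
    """Re-encode a blob with one tensor's data_offsets replaced."""
    (hdr_len,) = struct.unpack("<Q", blob[:8])
    header = json.loads(blob[8:8 + hdr_len])
    header[name]["data_offsets"] = [begin, end]
    hdr = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hdr)) + hdr + blob[8 + hdr_len:]


# Constructed sample input: a 2x2 float32 identity matrix, not a real checkpoint.
SAMPLE_IDENTITY = struct.pack("<4f", 1.0, 0.0, 0.0, 1.0)
SAMPLE_BLOB = serialize({"w": ("F32", (2, 2), SAMPLE_IDENTITY)}, metadata={"format": "pt"})
```

This is a teaching parser, not a drop-in replacement: the reference implementation applies further structural checks (for instance on how tensor data regions tile the data section) that this example omits. The part worth noticing is the order of operations in `parse`: a header claiming a 1GB length is refused by a single integer comparison before any allocation or JSON decoding, and a tensor whose `data_offsets` point outside the buffer is refused before any bytes are copied, so a hostile file can at worst produce an error, never code execution.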