[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension:v3:en:safetensors":3},{"resolvedFromAlias":4,"canonicalExt":5,"ext":5,"name":6,"category":7,"categoryName":8,"updatedAt":9,"popularity":10,"summary":11,"howToOs":12,"quickAnswer":18,"answerIntro":19,"whatIs":20,"description":21,"furtherReading":22,"openInstructions":41,"commonIssues":51,"securityNotes":70,"faq":74,"aliases":87,"mimeTypes":88,"relatedExtensions":89,"breadcrumbs":108,"categoryAnchor":118,"categoryFuturePath":119,"metaDescription":120,"availableHowToOs":121,"openOnDeviceLinks":122,"cannotOpenReasons":138,"cannotOpenFixes":139,"convertOptions":140,"securityAffiliateMessaging":141,"securityAffiliates":142},false,"safetensors","SafeTensors tensor checkpoint format","ml","Machine learning","2026-06-12T08:20:13.681Z",55,".safetensors stores machine-learning tensor weights in a simple binary container with a small JSON header and raw tensor bytes. It is commonly used for sharing and loading model checkpoints (especially in the Hugging Face ecosystem) with an emphasis on safer, validation-friendly loading.",[13,14,15,16,17],"windows","mac","linux","ios","android","To open .SAFETENSORS files on Windows, install Python, then install the library: pip install safetensors.","To open a .safetensors file, use software that can load SafeTensors checkpoints—most commonly Python with the Hugging Face safetensors library. These files are not meant to be “opened” like documents; they are model weight containers that you load into ML frameworks such as PyTorch via the safetensors APIs.","SafeTensors is a binary file format for storing one or more tensors. The layout is: an 8-byte little-endian header length, a UTF-8 JSON header describing tensors (dtype, shape, data_offsets) and optional reserved metadata, followed by the raw tensor byte data. The design goal is safe and efficient loading (including zero-copy/lazy patterns) by using explicit offsets and a constrained header structure.","SafeTensors is widely used to distribute and load neural network weights, particularly alongside Hugging Face tooling and model repositories. Instead of relying on Python pickle-based formats (which can execute code on load), SafeTensors stores only tensor metadata plus raw bytes, enabling stricter validation and safer parsing approaches.\n\nInternally, the header is JSON that maps tensor names to descriptors containing dtype, shape, and byte ranges (data_offsets) into the raw data section. A reserved \"__metadata__\" entry can store key/value metadata; ecosystem standards (for example, model metadata conventions) may define expected keys.\n\nBecause the header is small and located at the start, it can be read without downloading the entire file (for example via HTTP Range requests). This makes it practical for large checkpoints hosted remotely: tools can inspect metadata first, then selectively download or memory-map the tensor payload when supported.",[23,26,29,32,35,38],{"title":24,"url":25},"SafeTensors README (format layout and design goals)","https://github.com/huggingface/safetensors/blob/main/README.md",{"title":27,"url":28},"safetensors on PyPI (Python usage and APIs)","https://pypi.org/project/safetensors/",{"title":30,"url":31},"Hugging Face docs: Metadata Parsing (Range requests and header structure)","https://huggingface.co/docs/safetensors/metadata_parsing",{"title":33,"url":34},"Stability AI Model Metadata Standard (metadata keys for __metadata__)","https://github.com/Stability-AI/ModelSpec",{"title":36,"url":37},"Trail of Bits security review of SafeTensors (PDF)","https://www.trailofbits.com/documents/2023-03-eleutherai-huggingface-safetensors-securityreview%20%282%29.pdf",{"title":39,"url":40},"IANA Media Types registry (to verify registered MIME types)","https://www.iana.org/assignments/media-types/media-types.xhtml",{"windows":42,"macos":45,"linux":46,"ios":47,"android":49},[43,44],"Install Python, then install the library: pip install safetensors","Load the file in a Python script using the safetensors APIs (for example, use safetensors.torch.load_file for PyTorch tensors)",[43,44],[43,44],[48],"There is no common iOS-native app support cited for SafeTensors; if you need to inspect or use the file, transfer it to a desktop and load it with Python (safetensors).",[50],"There is no common Android-native app support cited for SafeTensors; if you need to inspect or use the file, transfer it to a desktop and load it with Python (safetensors).",[52,58,64],{"title":53,"description":54,"steps":55},"Tried to open it in a text editor and it looks like gibberish",".safetensors is a binary format: only a small header is JSON text; the majority is raw tensor bytes.",[56,57],"Use a SafeTensors-aware loader (commonly Python + safetensors) instead of a text editor","If you only need metadata, read just the header using the documented metadata parsing approach (header JSON at the start of the file)",{"title":59,"description":60,"steps":61},"Load fails due to incompatible dtype/shape expectations","The header encodes dtype and shape per tensor; a consuming script/model may expect different tensor names or shapes than those stored in the file.",[62,63],"List tensor names and their dtype/shape from the header metadata before loading into your model","Ensure you are loading into the correct model architecture and that tensor naming matches what the model code expects",{"title":65,"description":66,"steps":67},"The file downloads but tools report it as corrupted or incomplete","SafeTensors relies on exact byte offsets (data_offsets). A truncated download or partial copy can break header/data consistency and validation.",[68,69],"Re-download or re-copy the file, ensuring the transfer completes fully","If reading remotely, ensure your HTTP client supports Range requests correctly when doing partial header reads",[71,72,73],"SafeTensors is designed to store tensor data and metadata (JSON header + raw bytes) rather than executable serialization logic; this is intended to reduce risks associated with pickle-based model checkpoints.","Even with a safer container, treat untrusted model weights as potentially harmful at the application level (e.g., adversarial or poisoned weights). Safe parsing is not the same as safe model behavior.","The implementation has been reviewed by a third party (Trail of Bits) focusing on validation and safety properties; still, keep parsers updated and avoid using unknown forks or unmaintained loaders.",[75,78,81,84],{"question":76,"answer":77},"Is a .safetensors file just JSON?","No. Only the header is UTF-8 JSON; the tensor contents are stored as raw binary bytes after the header.",{"question":79,"answer":80},"Can I extract tensors without downloading the whole file?","Often, yes for metadata: the header can be read from the beginning of the file, and the official docs describe parsing metadata via HTTP Range requests to fetch only the initial bytes needed for the header.",{"question":82,"answer":83},"Where is model metadata stored in SafeTensors?","Metadata can be stored in the reserved \"__metadata__\" portion of the JSON header; ecosystem specifications (such as Stability AI’s model metadata standard) may define conventions for keys.",{"question":85,"answer":86},"Is there an official registered MIME type for .safetensors?","The IANA media types registry is the authoritative place to check; the provided IANA registry source does not list a specific registered media type for .safetensors.",[],[],[90,96,102],{"ext":91,"name":92,"category":7,"categoryName":8,"popularity":93,"summary":94,"howToOs":95},"onnx","ONNX (Open Neural Network Exchange) model",45,".onnx is a serialized machine-learning model file in the Open Neural Network Exchange (ONNX) format, used to move models between tools and run inference in different environments. It’s commonly loaded by ONNX Runtime and other ONNX-capable ML software rather than “opened” like a document.",[13,14,15,16,17],{"ext":97,"name":98,"category":7,"categoryName":8,"popularity":99,"summary":100,"howToOs":101},"gguf","GGUF (GGML Universal Format) model file",35,".gguf is a binary file format used to store machine-learning models (tensors plus metadata), commonly for running LLMs with GGUF-capable local tools and runtimes (llama.cpp is a well-known example). It is designed for fast saving/loading and is often used to distribute quantized models for inference.",[13,14,15,16,17],{"ext":103,"name":104,"category":7,"categoryName":8,"popularity":105,"summary":106,"howToOs":107},"ml20","Machine Learning Model Format 2020",15,".ml20 files are used for storing machine learning models, typically created by specific machine learning frameworks.",[13,14,15,16,17],[109,112,115],{"label":110,"to":111},"Home","/",{"label":113,"to":114},"File Extension Index","/file-extension",{"label":116,"to":117},".SAFETENSORS","/file-extension/safetensors","category-ml","/category/ml","Learn what .SAFETENSORS files are, how to open them on every platform, common fixes, and security best practices.",[13,14,15,16,17],[123,126,129,132,135],{"os":13,"label":124,"to":125},"Open .SAFETENSORS on Windows","/how-to/open-safetensors-on-windows",{"os":14,"label":127,"to":128},"Open .SAFETENSORS on Mac","/how-to/open-safetensors-on-mac",{"os":15,"label":130,"to":131},"Open .SAFETENSORS on Linux","/how-to/open-safetensors-on-linux",{"os":16,"label":133,"to":134},"Open .SAFETENSORS on iOS","/how-to/open-safetensors-on-ios",{"os":17,"label":136,"to":137},"Open .SAFETENSORS on Android","/how-to/open-safetensors-on-android",[53,59,65],[56,57],[],"untrusted_source",[143,147],{"name":144,"description":145,"affiliateUrl":146},"Avast","Avast offers free and premium antivirus software that protects against viruses, malware, ransomware, and phishing. Scan files before opening them to ensure safety.","https://www.avast.com/lp-aff-consumer-store?expid=inf601",{"name":148,"description":149,"affiliateUrl":150},"Norton","Norton 360 delivers comprehensive antivirus protection, VPN, and identity theft monitoring. Scan files for threats before opening to keep your device secure.","http://buy.norton.com/aff_home?utm_campaign=en-ww_nor_n36_aff_nas_nau_nah_cj_nad_low:_sec_nat_mktc_norton_360"]