## Overview

Safetensors is a fast file format for storing and loading tensors. Typically, PyTorch model weights are saved (pickled) into a `.bin` file with Python's pickle utility. However, pickle is not secure: pickled files may contain malicious code that is executed when the file is unpickled. safetensors is a secure alternative to pickle, making it ideal for sharing model weights.

[🤗 safetensors](https://github.com/huggingface/safetensors) is an open source project that implements a new, simple format for storing tensors safely (as opposed to pickle) while still being fast, with zero-copy loading.

[pickle - Python object serialization](https://docs.python.org/3/library/pickle.html) implements binary protocols for serializing and de-serializing a Python object structure.

In this notebook, we will load `.safetensors` files and convert Stable Diffusion model weights stored in other formats to `.safetensors` files.
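To make the "safe as opposed to pickle" claim concrete, here is an added example (it is not part of this notebook or of the safetensors project) that writes and reads the safetensors layout with nothing but the Python standard library: an 8-byte little-endian header length, a JSON header mapping tensor names to `dtype`, `shape` and `data_offsets`, and a flat byte buffer. Loading is JSON parsing plus byte slicing, so no code in the file ever runs. The header-size cap, the dtype table and the two sample tensors are assumptions constructed for the example.

```python
import json
import struct
from typing import Optional

# Assumption for this example: refuse headers above this length so a hostile
# file cannot make the loader allocate arbitrary amounts of memory.
HEADER_SIZE_LIMIT = 100_000_000

# Bytes per element for the dtypes used here (a subset of the format's dtype names).
DTYPE_SIZES = {"F32": 4, "F16": 2, "BF16": 2, "I64": 8, "I32": 4, "U8": 1, "BOOL": 1}


def save_safetensors(tensors: dict, metadata: Optional[dict] = None) -> bytes:
    """Serialize {name: (dtype, shape, raw_bytes)} into the safetensors byte layout."""
    header = {}
    buffer = bytearray()
    for name in sorted(tensors):
        dtype, shape, raw = tensors[name]
        begin = len(buffer)
        buffer += raw
        # data_offsets are relative to the start of the byte buffer, not the file
        header[name] = {"dtype": dtype, "shape": list(shape), "data_offsets": [begin, len(buffer)]}
    if metadata:
        header["__metadata__"] = metadata
    header_bytes = json.dumps(header).encode("utf-8")
    # pad the header with spaces to an 8-byte boundary; still valid JSON
    header_bytes += b" " * (-len(header_bytes) % 8)
    return struct.pack("<Q", len(header_bytes)) + header_bytes + bytes(buffer)


def parse_header(blob: bytes) -> tuple:
    """Return (header dict, offset of the data buffer) after validating the header."""
    if len(blob) < 8:
        raise ValueError("file too short for a safetensors header")
    (n,) = struct.unpack("<Q", blob[:8])
    if n > HEADER_SIZE_LIMIT or 8 + n > len(blob):
        raise ValueError("header length out of bounds")
    header = json.loads(blob[8:8 + n].decode("utf-8"))
    data_start = 8 + n
    data_len = len(blob) - data_start
    expected_begin = 0
    entries = [(k, v) for k, v in header.items() if k != "__metadata__"]
    for name, info in sorted(entries, key=lambda kv: kv[1]["data_offsets"][0]):
        begin, end = info["data_offsets"]
        size = DTYPE_SIZES[info["dtype"]]
        for dim in info["shape"]:
            size *= dim
        # offsets must be contiguous, match dtype * shape, and stay inside the buffer
        if begin != expected_begin or end - begin != size or end > data_len:
            raise ValueError(f"invalid data_offsets for tensor {name!r}")
        expected_begin = end
    if expected_begin != data_len:
        raise ValueError("trailing or missing tensor data")
    return header, data_start


def load_safetensors(blob: bytes) -> dict:
    """Return {name: (dtype, shape, raw_bytes)}; pure slicing, no code execution."""
    header, data_start = parse_header(blob)
    out = {}
    for name, info in header.items():
        if name == "__metadata__":
            continue
        begin, end = info["data_offsets"]
        out[name] = (info["dtype"], tuple(info["shape"]), blob[data_start + begin:data_start + end])
    return out


# Constructed sample: two tiny F32 tensors with arbitrary values.
SAMPLE = {
    "bias": ("F32", (2,), struct.pack("<2f", 0.5, -1.0)),
    "weight": ("F32", (2, 2), struct.pack("<4f", 1.0, 2.0, 3.0, 4.0)),
}

if __name__ == "__main__":
    blob = save_safetensors(SAMPLE, {"format": "pt"})
    print(parse_header(blob)[0])
    print(load_safetensors(blob) == SAMPLE)
```

The validation in `parse_header` mirrors what a careful loader has to check before trusting a header: the header length is bounded and inside the file, and every tensor's offsets are contiguous, consistent with its dtype and shape, and inside the buffer. A truncated or tampered file fails these checks with a `ValueError` rather than being silently read out of bounds.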

## Preparing

In [None]:
!pip install safetensors

## Loading safetensors

We can optionally set `use_safetensors=True` to load safetensors files, but make sure safetensors is installed first.

In [None]:
from diffusers import DiffusionPipeline

pipe = DiffusionPipeline.from_pretrained('runwayml/stable-diffusion-v1-5', use_safetensors=True)

### Loading safetensors from a file

The model weights are not necessarily stored in separate subfolders as in the example above. Sometimes all the weights are stored in a single `.safetensors` file, which is loaded with `from_single_file`.

In [None]:
from diffusers import StableDiffusionPipeline

pipe = StableDiffusionPipeline.from_single_file(
    "https://huggingface.co/WarriorMama777/OrangeMixs/blob/main/Models/AbyssOrangeMix/AbyssOrangeMix.safetensors"
)

## Convert to safetensors

Not all weights on the Hub are available in the `.safetensors` format, and you may encounter weights stored as `.bin`. In this case, use the Convert Space to convert the weights to `.safetensors`. The Convert Space downloads the pickled weights, converts them, and opens a Pull Request to upload the newly converted `.safetensors` file to the Hub. This way, if there is any malicious code contained in the pickled files, it is uploaded to the Hub - which has a security scanner to detect unsafe files and suspicious imports - instead of to your computer. Here is the [convert code](https://huggingface.co/spaces/diffusers/convert/blob/main/convert.py).
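The "suspicious imports" check mentioned above can be done statically: a pickle stream is a sequence of opcodes, and `pickletools.genops` lets you list every global the stream would import without unpickling anything. The following is an added example (not the Hub scanner's code and not part of this notebook) that resolves `GLOBAL`, `INST` and `STACK_GLOBAL` references, including module names reused through the pickle memo, and compares them against an allowlist. The allowlist is an illustrative assumption, and the sample pickles are constructed here; `json.dumps` simply stands in for any callable a weights file has no business referencing.

```python
import collections
import json
import pickle
import pickletools

# Assumption: a small allowlist of globals a PyTorch state_dict pickle normally
# needs. A real scanner would maintain a much longer, curated list.
ALLOWED_GLOBALS = {
    "collections.OrderedDict",
    "torch._utils._rebuild_tensor_v2",
    "torch.FloatStorage",
    "torch.HalfStorage",
}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}


def pickle_globals(data: bytes) -> list:
    """List every 'module.name' the pickle would import, without executing it."""
    found = []
    pushed = []  # values recent opcodes pushed (None for non-strings); resolves STACK_GLOBAL
    memo = {}    # memo slot -> pushed value, so BINGET of a reused module name resolves
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)  # pickletools renders the pair as "module name"
            found.append(f"{module}.{name}")
            pushed.append(None)
        elif op.name == "STACK_GLOBAL":
            if len(pushed) < 2 or not all(isinstance(s, str) for s in pushed[-2:]):
                raise ValueError("STACK_GLOBAL without two string operands")
            found.append(f"{pushed[-2]}.{pushed[-1]}")
            pushed.append(None)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = pushed[-1] if pushed else None
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = pushed[-1] if pushed else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            pushed.append(memo.get(arg))
        else:
            pushed.append(arg if op.name in STRING_OPS else None)
    return found


def scan_pickle(data: bytes, allowed=frozenset(ALLOWED_GLOBALS)) -> dict:
    """Report the globals found and which of them fall outside the allowlist."""
    found = pickle_globals(data)
    suspicious = sorted({g for g in found if g not in allowed})
    return {"globals": found, "suspicious": suspicious, "safe": not suspicious}


# Constructed samples: a benign OrderedDict (what a state_dict wraps) and two
# pickles referencing an unexpected callable, one per opcode family.
BENIGN_PICKLE = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
SUSPICIOUS_PICKLE_V2 = pickle.dumps(json.dumps, protocol=2)                   # GLOBAL opcode
SUSPICIOUS_PICKLE_V4 = pickle.dumps([json.dumps, json.loads], protocol=4)     # STACK_GLOBAL + memo

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_PICKLE), ("v2", SUSPICIOUS_PICKLE_V2), ("v4", SUSPICIOUS_PICKLE_V4)]:
        print(label, scan_pickle(blob))
```

Listing globals is the right level for a first pass: whatever a pickle does at load time, it has to name the callable it wants through one of these opcodes, so an unexpected module or attribute is the signal to act on. A scan like this is a pre-filter, not a replacement for the safetensors format: it tells you which `.bin` files deserve a closer look before any conversion or loading happens.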