alt Hacker NewsYou asked for specific feedback, but here is generic feedback: a new github account coupled to a new HN account does not inspire any sense of added infra safety. I would rather use modern pytorch/safetensors and tools that dont allow executing pickles from checkpoints. If you execute someone elses pickle you probably already lost no matter what checks you want to add over time.
That is entirely fair feedback regarding the new accounts. We all have to start somewhere! That is exactly why I open-sourced the engine (Apache 2.0) and kept the logic in Python rather than a compiled binary - so you don't have to trust "me", you can audit scanner.py and safety.py yourself to see exactly how we parse the zip headers. Regarding Safetensors: I agree 100%. If everyone used Safetensors, this tool wouldn't need to exist, but looking at the Hugging Face hub, there are still millions of legacy .pt files being downloaded daily. This tool is a guardrail for the messy reality we live in, not the perfect future we want.