Add HuggingFace Hub direct scanning support#219

Merged
thomas-chauchefoin-tob merged 3 commits into master from huggingface-scanning
Mar 21, 2026

Conversation

@dguido
Member

@dguido dguido commented Jan 23, 2026

Summary

  • Adds --huggingface REPO_ID argument to scan models directly from HuggingFace Hub
  • Adds --hf-revision and --hf-token for revision specification and private repos
  • Adds huggingface optional dependency: pip install fickling[huggingface]
  • Automatically filters for pickle-based files (.bin, .pt, .pth, .pkl, .pickle)
  • Skips known-safe formats (safetensors, json, txt, etc.)

Usage

# Scan a public model
fickling --huggingface bert-base-uncased --print-results

# Scan specific revision
fickling --huggingface bert-base-uncased --hf-revision main --print-results

# Scan private repo
fickling --huggingface my-org/private-model --hf-token $HF_TOKEN --print-results

Test plan

  • All existing tests pass
  • Linters pass
  • Manual testing with public HuggingFace models

🤖 Generated with Claude Code

- Add --huggingface REPO_ID argument to scan models directly from HuggingFace Hub
- Add --hf-revision and --hf-token arguments for specific revisions and private repos
- Add huggingface optional dependency (huggingface_hub >= 0.20.0)
- Automatically filter for pickle-based files and skip safe formats like safetensors

Usage: fickling --huggingface bert-base-uncased --print-results

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
thomas-chauchefoin-tob and others added 2 commits March 21, 2026 01:44
Replace manual StackedPickle.load/check_safety loop in _scan_huggingface
with scan_file (raw pickles) and scan_zip_archive (.pt/.pth PyTorch
archives). Warn on skipped files with unrecognized extensions, silently
skip known-safe formats (json, safetensors, onnx, etc.).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace extension-only routing with find_file_properties to detect
PyTorch ZIP archives, raw pickles, and other formats (7z, TAR,
NumPy) regardless of file extension.

Add fickling[torch] to huggingface extras since polyglot sniffing
requires it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
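As an added example (not fickling's own code), this hypothetical `sniff`/`route` pair shows the content-first routing the second commit describes: each repo file is classified by its leading bytes, so a pickle renamed to a safe-looking extension is still sent for scanning while the extension is only consulted for non-pickle data. `SAFE_EXTENSIONS`, the action names and the sample repo listing are constructed for this example.

```python
import io
import os
import pickle
import zipfile

# Hypothetical known-safe list modelled on the PR description; fickling's own lists may differ.
SAFE_EXTENSIONS = {".safetensors", ".json", ".txt", ".onnx", ".md"}

def sniff(data: bytes) -> str:
    """Classify a blob by its leading bytes, ignoring the file name entirely."""
    if data[:4] == b"PK\x03\x04":
        # torch.save() writes a ZIP container (PyTorch >= 1.6) whose pickle
        # payload sits at <archive>/data.pkl; a ZIP without it is treated as unknown here.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return "pytorch_zip" if any(n.endswith("data.pkl") for n in zf.namelist()) else "unknown"
        except zipfile.BadZipFile:
            return "unknown"
    if len(data) >= 2 and data[0] == 0x80 and 2 <= data[1] <= 5:
        return "raw_pickle"  # PROTO opcode: pickle protocol 2 through 5
    return "unknown"

def route(filename: str, data: bytes) -> str:
    """Content decides first; the extension is only consulted for non-pickle data."""
    kind = sniff(data)
    if kind == "pytorch_zip":
        return "scan_zip_archive"
    if kind == "raw_pickle":
        return "scan_file"
    ext = os.path.splitext(filename)[1].lower()
    return "skip_safe" if ext in SAFE_EXTENSIONS else "warn_unknown"

def build_torch_zip(payload: bytes) -> bytes:
    """Constructed stand-in for a torch.save() archive: a ZIP holding data.pkl."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", payload)
    return buf.getvalue()

# Constructed sample repo listing; one file's name lies about its contents.
RAW_PICKLE = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)
SAMPLE_REPO = {
    "pytorch_model.bin": RAW_PICKLE,
    "model.pt": build_torch_zip(RAW_PICKLE),
    "config.json": b'{"hidden_size": 768}',
    "model.safetensors": RAW_PICKLE,  # pickle bytes behind a "safe" extension
    "notes.dat": b"plain text",
}
ROUTES = {name: route(name, data) for name, data in SAMPLE_REPO.items()}
```

An extension-only router would have skipped `model.safetensors` as known-safe; here its pickle header routes it to `scan_file` regardless of the name.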
@thomas-chauchefoin-tob thomas-chauchefoin-tob merged commit 47eaf97 into master Mar 21, 2026
12 checks passed
@thomas-chauchefoin-tob thomas-chauchefoin-tob deleted the huggingface-scanning branch March 21, 2026 01:18