possible to convert a pickle file to a safetensors file?

[cpoptic]

As many models are serialized using "legacy" pickle format, is it possible to take an arbitrary pickle file and convert it to safetensor file format such that the converted file is now "safe" from executing arbitrary code?

[Narsil]

For simple conversion of models I suggest using https://huggingface.co/spaces/safetensors/convert
Using the space will create a PR on your model that you simply have to merge.

It should cover most of your cases and be safe (since the machine running the conversion is not yours).
For more involved conversion you should probably run the script in something like colab: https://github.com/huggingface/safetensors/blob/main/bindings/python/convert.py

In general doing:

from safetensors.torch import save_file
weights = torch.load("model.pt")
save_file("model.safetensors", weights)

Should be ok. This will not work all the times because of tensor sharing, which is why using the scripts is going to work more often.