Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
This is a Python package for writing binary files in the GGUF (GGML Universal File) format.
See convert_hf_to_gguf.py as an example for its usage.
pip install gguf
examples/writer.py — Generates example.gguf
in the current directory to demonstrate generating a GGUF file. Note that this file cannot be used as a model.
gguf/scripts/gguf_dump.py — Dumps a GGUF file's metadata to the console.
gguf/scripts/gguf_set_metadata.py — Allows changing simple metadata values in a GGUF file by key.
gguf/scripts/gguf_convert_endian.py — Allows converting the endianness of GGUF files.
gguf/scripts/gguf_new_metadata.py — Copies a GGUF file with added/modified/removed metadata values.
Maintainers who participate in development of this package are advised to install it in editable mode:
cd /path/to/llama.cpp/gguf-py
pip install --editable .
Note: This may require to upgrade your Pip installation, with a message saying that editable installation currently requires setup.py
.
In this case, upgrade Pip to the latest:
pip install --upgrade pip
There's a GitHub workflow to make a release automatically upon creation of tags in a specified format.
pyproject.toml
.gguf-vx.x.x
where x.x.x
is the semantic version number.git tag -a gguf-v1.0.0 -m "Version 1.0 release"
git push origin --tags
If you want to publish the package manually for any reason, you need to have twine
and build
installed:
pip install build twine
Then, follow these steps to release a new version:
pyproject.toml
.python -m build
python -m twine upload dist/*
From root of this repository you can run this command to run all the unit tests
python -m unittest discover ./gguf-py -v
FAQs
Read and write ML models in GGUF for GGML
We found that gguf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.