Safetensors Metadata Viewer

Open a .safetensors file and see what is inside: every tensor's name, shape, and dtype, the total parameter count, and any embedded metadata. Only the small JSON header at the start of the file is read — the multi-gigabyte weight data is never touched and nothing is uploaded. Everything happens locally in your browser.

Only the header (first few hundred KB at most) is read. The weights stay on your disk.

How to use the Safetensors Metadata Viewer

Click the file picker and choose a .safetensors file from your disk. The viewer reads the file's leading header — an 8-byte length followed by a JSON block describing every tensor — and shows a summary: the number of tensors, the total parameter count, and the format detected. A table lists each tensor with its shape and data type, and the embedded __metadata__ (if present) is shown separately.

Use the filter box to narrow the table to a layer or a name pattern — handy for large models with thousands of tensors — and tick group by dtype to see how parameters are distributed across precisions (for example, which tensors are kept in higher precision). Because only the header is parsed, even a 100 GB model opens instantly; the gigabytes of weight data are never read into memory or sent anywhere.

The safetensors format

Safetensors is a file format from Hugging Face for storing model weights safely and quickly. It exists because the older approach — Python's pickle, used by PyTorch .bin and .pt files — can execute arbitrary code when loaded, making a downloaded checkpoint a security risk. Safetensors stores only raw tensor data plus a small descriptive header, so loading it can never run code. It is now the default for most models published on the Hugging Face Hub.

The layout is simple by design. The file begins with an 8-byte little-endian integer giving the length of the header. That header is a JSON object mapping each tensor's name to its dtype (such as F16, BF16, F32, or an integer type), its shape as a list of dimensions, and the byte offsets where its data lives in the rest of the file. An optional __metadata__ entry holds free-form string key-value pairs — often the framework version, the model format, or quantization notes. Everything after the header is contiguous raw tensor bytes.

Because the header is self-describing and sits at the front, you can learn a great deal about a model without downloading or loading the weights: how many parameters it has (sum the product of each shape), which precision each tensor uses, and how the layers are named — useful for confirming an architecture, debugging a conversion, or checking a quantization before committing to a large download. This viewer parses exactly that header. It does not read, decode, or transmit the weight data, which is what makes it instant and private even for very large files.

Common use cases

  • Confirming a download. Check a model's parameter count and precision before pulling tens of gigabytes of weights.
  • Debugging conversions. Verify that a converted or quantized checkpoint has the expected tensor names, shapes, and dtypes.
  • Inspecting quantization. Group by dtype to see which tensors were kept in higher precision and which were quantized.
  • Reading embedded metadata. View the format and framework notes stored in a file's __metadata__ block.

Frequently asked questions

Is my model file uploaded anywhere?
No. The viewer reads only the small header at the start of the file using the browser's local file API. The weight data is never read into memory or sent over the network, which is why even a 100 GB file opens instantly and stays entirely on your device.

How is the parameter count computed?
For each tensor the viewer multiplies the dimensions in its shape to get its element count, then sums across all tensors. That total is the model's parameter count. Embedding and output tensors are included, so the figure matches the model's true parameter total.

What dtypes can it show?
Whatever the header declares — commonly F16, BF16, and F32, plus integer and 8-bit float types used by quantized checkpoints. The viewer reports the dtype string exactly as stored, so you can see precisely how each tensor is encoded.

Why use safetensors instead of a .bin file?
PyTorch .bin files use Python pickle, which can execute arbitrary code on load — a real risk for downloaded models. Safetensors stores only data and a descriptive header, so loading it cannot run code. It is also faster to load and supports memory-mapping.

Can it open a sharded model?
It opens one .safetensors file at a time. Large models are often split into several shards (model-00001-of-00003.safetensors, and so on); open each shard to inspect its tensors, or check the accompanying index.json to see how tensors are distributed across shards.