search

huggingface / huggingface_hub

The official Python client for the Huggingface Hub.
https://huggingface.co/docs/huggingface_hub
Apache License 2.0
1.99k stars 519 forks source link

Add warning when cloning/downloading from repos we've marked as unsafe #586

Open nateraw opened 2 years ago

nateraw commented 2 years ago

Is your feature request related to a problem? Please describe.

The Hub now warns you if malware has been found in a HF repo. Perhaps it would be wise to warn users when they are either cloning these repos or downloading files from them.

Describe the solution you'd like

When a user is cloning or downloading from huggingface_hub, they should get a very noisy warning letting them know the repo they're trying to clone contains what we believe to be malware.

Describe alternatives you've considered

We could also block them outright and force them to pass a allow_unsafe=True kwarg to the various download functions

Additional context

Initially brought up on Twitter here.

osanseviero commented 2 years ago

Not super high priority imo since we don't have any infected repos, but having is an important feature. Probably also worth having in transformers, specially with custom code getting more supported (cc @LysandreJik @sgugger)