How to use from
llama.cpp
Install (macOS, Linux)
curl -LsSf https://llama.app/install.sh | sh
# Start a local OpenAI-compatible server with a web UI:
llama serve -hf jaimef21/security-lora-qwen2.5-coder-3b-gguf:Q4_K_M
# Run inference directly in the terminal:
llama cli -hf jaimef21/security-lora-qwen2.5-coder-3b-gguf:Q4_K_M
Install from WinGet (Windows)
winget install llama.cpp
# Start a local OpenAI-compatible server with a web UI:
llama serve -hf jaimef21/security-lora-qwen2.5-coder-3b-gguf:Q4_K_M
# Run inference directly in the terminal:
llama cli -hf jaimef21/security-lora-qwen2.5-coder-3b-gguf:Q4_K_M
Use pre-built binary
# Download pre-built binary from:
# https://github.com/ggerganov/llama.cpp/releases
# Start a local OpenAI-compatible server with a web UI:
./llama-server -hf jaimef21/security-lora-qwen2.5-coder-3b-gguf:Q4_K_M
# Run inference directly in the terminal:
./llama-cli -hf jaimef21/security-lora-qwen2.5-coder-3b-gguf:Q4_K_M
Build from source code
git clone https://github.com/ggerganov/llama.cpp.git
cd llama.cpp
cmake -B build
cmake --build build -j --target llama-server llama-cli
# Start a local OpenAI-compatible server with a web UI:
./build/bin/llama-server -hf jaimef21/security-lora-qwen2.5-coder-3b-gguf:Q4_K_M
# Run inference directly in the terminal:
./build/bin/llama-cli -hf jaimef21/security-lora-qwen2.5-coder-3b-gguf:Q4_K_M
Use Docker
docker model run hf.co/jaimef21/security-lora-qwen2.5-coder-3b-gguf:Q4_K_M
Quick Links

security-lora-qwen2.5-coder-3b-gguf

GGUF quants of jaimef21/security-lora-qwen2.5-coder-3b-bf16, a Qwen2.5-Coder-3B-Instruct LoRA fine-tune for detecting malicious npm / PyPI supply-chain attack code.

Outputs a structured JSON verdict with cited line ranges. Tuned via DPO to suppress false positives on legitimate minified / telemetry / crypto code.

Training pipeline: https://github.com/jaimef21/security-lora

Files

File Quant Size Notes
security-lora.q8_0.gguf Q8_0 ~3.2 GB High fidelity; indistinguishable from F16 for most use
security-lora.q4_k_m.gguf Q4_K_M ~1.9 GB Runs comfortably on an 8 GB laptop or 4 GB CPU server

Usage with llama.cpp

./llama-cli -m security-lora.q4_k_m.gguf \
    -p "Analyze this code for malicious behaviour. Source: \`example.js\`.\n\n\`\`\`js\nconst x = require('child_process').exec(process.env.CMD);\n\`\`\`"

Usage with Ollama

Build a Modelfile locally:

FROM ./security-lora.q4_k_m.gguf

SYSTEM "You are a security analyst. Given a source code file, return a JSON verdict {verdict, confidence, categories, reasoning, iocs} for whether the code is malicious. verdict โˆˆ {malicious, suspicious, benign}. Always cite specific line ranges in iocs.lines when flagging behaviour. Be precise and concise."

PARAMETER temperature 0.1
PARAMETER num_ctx 8192
PARAMETER stop "<|im_end|>"

Then:

ollama create security-scan -f Modelfile
ollama run security-scan "Analyze this code..."

Output schema

{
  "verdict": "malicious | suspicious | benign",
  "confidence": 0.0,
  "categories": ["env_exfil", "crypto_miner", "backdoor", "typosquat",
                 "install_hook_abuse", "obfuscated_eval", "c2_beacon",
                 "credential_theft", "protestware"],
  "reasoning": "step-by-step taint flow / deobfuscation walkthrough",
  "iocs": {"domains": [], "files": [], "lines": [], "env_vars": []}
}

Training pipeline

  1. CPT โ€” Continued pre-training on Datadog malicious-packages + Advisory DB + Semgrep registry.
  2. SFT โ€” Teacher-labeled verdicts (Qwen3-Coder-480B-A35B-FP8) on confirmed-malicious + popular-benign npm samples.
  3. DPO โ€” 300 benign-lookalike pairs to suppress false positives on minified bundles, telemetry SDKs, real crypto.
Downloads last month
109
GGUF
Model size
3B params
Architecture
qwen2
Hardware compatibility
Log In to add your hardware

4-bit

8-bit

Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support

Model tree for jaimef21/security-lora-qwen2.5-coder-3b-gguf

Base model

Qwen/Qwen2.5-3B
Adapter
(1)
this model