Change trust_remote_code default to False for security reason (#787)

ChenhanYu · web-flow · commit 849a3501c50c · 2026-01-15T18:59:51.000Z
## What does this PR do? **Type of change:** ?  Bug fix **Overview:** ? Change `trust_remote_code` default to `False` for security reason ## Usage  ```python # Add a code snippet demonstrating how to use this ``` ## Testing  ## Before your PR is "*Ready for review*"  - **Make sure you read and follow [Contributor guidelines](https://github.com/NVIDIA/Model-Optimizer/blob/main/CONTRIBUTING.md)** and your commits are signed. - **Is this change backward compatible?**: Yes/No  - **Did you write any new necessary tests?**: Yes/No - **Did you add or update any necessary documentation?**: Yes/No - **Did you update [Changelog](https://github.com/NVIDIA/Model-Optimizer/blob/main/CHANGELOG.rst)?**: Yes/No  ## Additional Information   ## Summary by CodeRabbit * **Bug Fixes** * Updated model loader security settings: remote code is no longer trusted by default when loading model configurations. Users requiring remote code execution must now explicitly enable this option. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub>  Signed-off-by: Chenhan Yu <chenhany@nvidia.com>
diff --git a/modelopt/torch/export/plugins/megatron_importer.py b/modelopt/torch/export/plugins/megatron_importer.py
@@ -75,7 +75,7 @@ def __init__(
         workspace_dir: str | None = None,
         dtype=torch.bfloat16,
         dequantize: bool = True,
-        trust_remote_code: bool = True,
+        trust_remote_code: bool = False,
         verbose: bool = False,
         moe_router_dtype: torch.dtype | None = None,
     ):
