pip hash is a convenient way to get a hash digest for use with Hash-checking Mode, especially for packages with multiple archives. The error message from pip install --require-hashes ... will give you one hash, but, if there are multiple archives (like source and binary ones), you will need to manually download and compute a hash for the others. Otherwise, a spurious hash mismatch could occur when pip install is passed a different set of options, like --no-binary.