View this page
  


  
  
  
    
    Edit this page
  

          
            Toggle table of contents sidebar
            
          
        
          
pip hash¶

Usage¶

Unix/macOSpython -m pip hash [options] <file> ...

Windowspy -m pip hash [options] <file> ...




Description¶
Compute a hash of a local package archive.
These can be used with --hash in a requirements file to do repeatable
installs.


Overview¶
pip hash is a convenient way to get a hash digest for use with
Hash-checking Mode, especially for packages with multiple archives. The
error message from pip install --require-hashes ... will give you one
hash, but, if there are multiple archives (like source and binary ones), you
will need to manually download and compute a hash for the others. Otherwise, a
spurious hash mismatch could occur when pip install is passed a
different set of options, like --no-binary.



Options¶


-a, --algorithm <algorithm>¶
The hash algorithm to use: one of sha256, sha384, sha512
(environment variable: PIP_ALGORITHM)





Example¶
Compute the hash of a downloaded archive:

Unix/macOS$ python -m pip download SomePackage
Collecting SomePackage
   Downloading SomePackage-2.2.tar.gz
   Saved ./pip_downloads/SomePackage-2.2.tar.gz
Successfully downloaded SomePackage
$ python -m pip hash ./pip_downloads/SomePackage-2.2.tar.gz
./pip_downloads/SomePackage-2.2.tar.gz:
--hash=sha256:93e62e05c7ad3da1a233def6731e8285156701e3419a5fe279017c429ec67ce0

WindowsC:\> py -m pip download SomePackage
Collecting SomePackage
   Downloading SomePackage-2.2.tar.gz
   Saved ./pip_downloads/SomePackage-2.2.tar.gz
Successfully downloaded SomePackage
C:\> py -m pip hash ./pip_downloads/SomePackage-2.2.tar.gz
./pip_downloads/SomePackage-2.2.tar.gz:
--hash=sha256:93e62e05c7ad3da1a233def6731e8285156701e3419a5fe279017c429ec67ce0