Get Python Requirements Package Hashes

By  on  

Python's (pip's) requirements.txt file is the equivalent to package.json in the JavaScript / Node.js world.  This requirements.txt file isn't as pretty as package.json but it not only defines a version but goes a step further, providing a sha hash to compare against to ensure package integrity:

Flask==0.12.1 \
Jinja2==2.9.6 \
MarkupSafe==1.0 \


Coming from the JavaScript / package.json world, you only need to provide the package name and version.  To get the hash of a python package, you can use hashin.  The first step is installing hashin:

pip install hashin

Once hashin is installed, you can get the package hash easily:

hashin Flask==0.12.1

The code above adds the package name, version, and available hashes to your requirements.txt file automatically.  Unfortunately I'm not aware of a method for recursive hashin checks, so if a package dependency doesn't use hashes, you'll need to run hashin for each of those packages manually.

Recent Features

  • By
    Create Namespaced Classes with MooTools

    MooTools has always gotten a bit of grief for not inherently using and standardizing namespaced-based JavaScript classes like the Dojo Toolkit does.  Many developers create their classes as globals which is generally frowned up.  I mostly disagree with that stance, but each to their own.  In any event...

  • By
    Creating Scrolling Parallax Effects with CSS

    Introduction For quite a long time now websites with the so called "parallax" effect have been really popular. In case you have not heard of this effect, it basically includes different layers of images that are moving in different directions or with different speed. This leads to a...

Incredible Demos


  1. I think in your second snippet you mean hashin Flask==0.12.1.

    Also, hashin works by just specifying the package name. It’ll then install the latest version. E.g. hashin Flask.

  2. Check out for getting both recursive checks and hashes.

  3. F Fouvry

    pip-compile (from pip-tools) can generate hashes in a requirements file, using the option --generate-hashes.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!