Get Python Requirements Package Hashes

By  on  

Python's (pip's) requirements.txt file is the equivalent to package.json in the JavaScript / Node.js world.  This requirements.txt file isn't as pretty as package.json but it not only defines a version but goes a step further, providing a sha hash to compare against to ensure package integrity:

Flask==0.12.1 \
    --hash=sha256:6c3130c8927109a08225993e4e503de4ac4f2678678ae211b33b519c622a7242
Jinja2==2.9.6 \
    --hash=sha256:2231bace0dfd8d2bf1e5d7e41239c06c9e0ded46e70cc1094a0aa64b0afeb054
MarkupSafe==1.0 \
    --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665

....

Coming from the JavaScript / package.json world, you only need to provide the package name and version.  To get the hash of a python package, you can use hashin.  The first step is installing hashin:

pip install hashin

Once hashin is installed, you can get the package hash easily:

hashin Flask==0.12.1

The code above adds the package name, version, and available hashes to your requirements.txt file automatically.  Unfortunately I'm not aware of a method for recursive hashin checks, so if a package dependency doesn't use hashes, you'll need to run hashin for each of those packages manually.

Recent Features

Incredible Demos

  • By
    Record Text Selections Using MooTools or jQuery AJAX

    One technique I'm seeing more and more these days (CNNSI.com, for example) is AJAX recording of selected text. It makes sense -- if you detect users selecting the terms over and over again, you can probably assume your visitors are searching that term on Google...

  • By
    Fancy FAQs with jQuery Sliders

    Frequently asked questions can be super boring, right? They don't have to be! I've already shown you how to create fancy FAQs with MooTools -- here's how to create the same effect using jQuery. The HTML Simply a series of H3s and DIVs wrapper...

Discussion

  1. I think in your second snippet you mean hashin Flask==0.12.1.

    Also, hashin works by just specifying the package name. It’ll then install the latest version. E.g. hashin Flask.

  2. Check out for getting both recursive checks and hashes.

  3. F Fouvry

    pip-compile (from pip-tools) can generate hashes in a requirements file, using the option --generate-hashes.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!