hashin 0.14.5 and canonical pip hashes

31 January 2019   0 comments   Python


Prior to version 0.14.5 hashin would write write down the hashes of PyPI packages in the order they appear in PyPI's JSON response. That means there's a slight chance that two distinct clients/computers/humans might actually get different output when then run hashin Django==2.1.5 .

The pull request has a pretty hefty explanation as it demonstrates the fix.

Do note that if the existing order of hashes in a requirements file is not in the "right" order, hashin won't correct it unless any of the hashes are different.

Thanks @SomberNight for patiently pushing for this.


Your email will never ever be published

Related posts

How to encrypt a file with Emacs on macOS (ccrypt) 29 January 2019
Format thousands in Python 01 February 2019
Related by Keyword:
Concurrent download with hashin without --update-all 18 December 2018
hashin 0.14.0 with --update-all and a bunch of other features 13 November 2018
hashin 0.12.0 is much much faster 20 March 2018
hashin 0.7.0 and multiple packages 30 August 2016
hashin 0.5.0 bug fix 17 May 2016