hashin 0.14.5 and canonical pip hashes

31 January 2019   0 comments   Python

Mind that age!

This blog post is 3 years old! Most likely, its content is outdated. Especially if it's technical.


Prior to version 0.14.5 hashin would write write down the hashes of PyPI packages in the order they appear in PyPI's JSON response. That means there's a slight chance that two distinct clients/computers/humans might actually get different output when then run hashin Django==2.1.5.

The pull request has a pretty hefty explanation as it demonstrates the fix.

Do note that if the existing order of hashes in a requirements file is not in the "right" order, hashin won't correct it unless any of the hashes are different.

Thanks @SomberNight for patiently pushing for this.


Your email will never ever be published.

Related posts