WordPress / openverse-api

The Openverse API allows programmatic access to search for CC-licensed and public domain digital media.
https://api.openverse.engineering/v1
MIT License

Current package set fails to install #1058

Closed AetherUnbound closed 1 year ago

AetherUnbound commented 1 year ago

Description

It seems that the current set of packages fails to install:

#0 46.84 [pipenv.exceptions.InstallError]: Collecting livereload==2.6.3
#0 46.84 [pipenv.exceptions.InstallError]:   Using cached livereload-2.6.3-py2.py3-none-any.whl (24 kB)
#0 46.84 [pipenv.exceptions.InstallError]: ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
#0 46.84 [pipenv.exceptions.InstallError]:     livereload==2.6.3 from https://files.pythonhosted.org/packages/e3/05/ed67ccf462fff0b559e6ea7b3e3fcb20dec9d57bf90b5c5e72a6f316183e/livereload-2.6.3-py2.py3-none-any.whl (from -r /tmp/pipenv-lwwq_5e9-requirements/pipenv-e_xlrs8z-hashed-reqs.txt (line 28)):
#0 46.84 [pipenv.exceptions.InstallError]:         Expected sha256 776f2f865e59fde56490a56bcc6773b6917366bce0c267c60ee8aaf1a0959869
#0 46.84 [pipenv.exceptions.InstallError]:              Got        ad4ac6f53b2d62bb6ce1a5e6e96f1f00976a32348afedcb4b6d68df2a1d346e4

The package in question has the note "MAINTAINERS NEEDED" on it, which gives me concern that this could have been compromised: https://github.com/lepture/python-livereload

Reproduction

  1. Run just build --no-cache
  2. See error.

Additional context

This was first identified in https://github.com/WordPress/openverse-api/pull/1057 (specifically https://github.com/WordPress/openverse-api/actions/runs/3767784439/jobs/6405648796).

dhruvkb commented 1 year ago

@AetherUnbound the package was not compromised. A new maintainer was recently onboarded (so the 'MAINTAINERS NEEDED' bit might be outdated) and on 2022-12-02, built wheels were added to the package.

Pipenv fails to install the package because it prefers wheels over the source, but then compares the hash of the wheels to the hash of the source recorded in Pipfile.lock.
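The mismatch described above, as an added Python example (not the project's own code, and not pipenv's implementation): a Pipfile.lock entry that records only the sdist hash rejects a wheel published later, and comparing every currently published file against the locked hashes tells a stale lock apart from an artifact that matches nothing recorded. The sdist and wheel bytes are constructed samples, not the real livereload files.

```python
import hashlib
from typing import Dict, List

# Constructed stand-ins for an sdist and a wheel of the same release.
SDIST = b"livereload-2.6.3.tar.gz (constructed sample bytes)"
WHEEL = b"livereload-2.6.3-py2.py3-none-any.whl (constructed sample bytes)"


def sha256_pin(data: bytes) -> str:
    """Hash in the 'sha256:<hex>' form that Pipfile.lock stores."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


# Only the sdist existed when the lock was generated, so that is the only
# hash the lock entry carries (constructed entry, same shape as Pipfile.lock).
LOCK_ENTRY = {"version": "==2.6.3", "hashes": [sha256_pin(SDIST)]}


def check_artifact(lock_entry: Dict[str, List[str]], artifact: bytes) -> str:
    """Mimic pip's hash-checking mode: the file actually downloaded must
    match one of the hashes pinned in the lock, or installation fails."""
    return "ok" if sha256_pin(artifact) in lock_entry["hashes"] else "mismatch"


def diagnose(lock_entry: Dict[str, List[str]], published: Dict[str, bytes]) -> str:
    """Classify a hash failure given every file now published for the release.

    - all-match:            every published file is pinned; nothing to do.
    - stale-lock:           at least one published file still matches, so the
                            lock simply predates a newly added file (the wheel
                            case in this issue); re-lock to pick up both hashes.
    - no-match-investigate: nothing published matches what was pinned, i.e. the
                            file the lock was built from is no longer served
                            as-is; treat as possible tampering until explained.
    """
    verdicts = [check_artifact(lock_entry, data) for data in published.values()]
    if all(v == "ok" for v in verdicts):
        return "all-match"
    if any(v == "ok" for v in verdicts):
        return "stale-lock"
    return "no-match-investigate"


if __name__ == "__main__":
    # The resolver prefers the wheel, but only the sdist hash is pinned.
    print("wheel vs lock:", check_artifact(LOCK_ENTRY, WHEEL))
    print("diagnosis:", diagnose(LOCK_ENTRY, {"sdist": SDIST, "wheel": WHEEL}))
```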

AetherUnbound commented 1 year ago

Thank you for looking into that more thoroughly @dhruvkb!