Without digging deeper, I just noticed that given a fresh requirements.txt file (i.e. without any hashes) the -u doesn’t actually add hashes to all entries. Seemingly random ones are left out, but when I run them in the command line they’re added to the requirements.txt just fine… 🤔 That’s in both synchronous download mode, and parallel.
Have you noticed that behavior?
For the time being I use
touch requirements.txt # Because the file needs to exists, else hashin fails.
for p in `pip list --format freeze`; do hashin --verbose $p; done
which adds the hashes for all of the packages listed in requirements.txt.
Thank you for this useful tool!
Without digging deeper, I just noticed that given a fresh
requirements.txt
file (i.e. without any hashes) the-u
doesn’t actually add hashes to all entries. Seemingly random ones are left out, but when I run them in the command line they’re added to therequirements.txt
just fine… 🤔 That’s in both synchronous download mode, and parallel.Have you noticed that behavior?
For the time being I use
which adds the hashes for all of the packages listed in
requirements.txt
.