URL: https://github.com/peterbe/hashin/issues/105

Prior to version 0.14.5 hashin would write write down the hashes of PyPI packages in the order they appear in PyPI's JSON response. That means there's a slight chance that two distinct clients/computers/humans might actually get different output when then run hashin Django==2.1.5.

The pull request has a pretty hefty explanation as it demonstrates the fix.

Do note that if the existing order of hashes in a requirements file is not in the "right" order, hashin won't correct it unless any of the hashes are different.

Thanks @SomberNight for patiently pushing for this.

Comments

Your email will never ever be published.

Previous:
How to encrypt a file with Emacs on macOS (ccrypt) January 29, 2019 Linux, macOS
Next:
Format thousands in Python February 1, 2019 Python
Related by category:
A Python dict that can report which keys you did not use June 12, 2025 Python
Autocomplete using PostgreSQL instead of Elasticsearch December 18, 2025 Python
Comparison of speed between gpt-5, gpt-5-mini, and gpt-5-nano December 15, 2025 Python
Using AI to rewrite blog post comments November 12, 2025 Python
Related by keyword:
Pip-Outdated.py - a script to compare requirements.in with the output of pip list --outdated December 22, 2022 Python
Pip-Outdated.py with interactive upgrade September 21, 2023 Python
"ld: library not found for -lssl" trying to install mysqlclient in Python on macOS February 5, 2020 Python, macOS
hashin 0.14.0 with --update-all and a bunch of other features November 13, 2018 Python, Linux