{"id":9806,"library":"hashin","title":"hashin: Requirements.txt Hashing Tool","description":"hashin is a command-line tool that automates the process of adding hashes (e.g., SHA256) to entries in a `requirements.txt` file, improving supply chain security by ensuring integrity. It is currently at version 1.0.5 and maintains an active release cadence, with recent updates focusing on Python version compatibility and internal dependency management.","status":"active","version":"1.0.5","language":"en","source_language":"en","source_url":"https://github.com/peterbe/hashin","tags":["cli","security","requirements","packaging","hashing","supply-chain-security"],"install":[{"cmd":"pip install hashin","lang":"bash","label":"Install hashin"}],"dependencies":[{"reason":"Internal interaction with pip's API for package resolution and hashing.","package":"pip-api","optional":false},{"reason":"Used for parsing and comparing package versions.","package":"packaging","optional":false}],"imports":[],"quickstart":{"code":"import subprocess\nimport os\n\n# Create a dummy requirements.txt for demonstration\nrequirements_content = \"\"\"\nrequests==2.31.0\nclick==8.1.7\n\"\"\"\nwith open(\"requirements.txt\", \"w\") as f:\n    f.write(requirements_content)\n\nprint(\"Original requirements.txt:\")\nwith open(\"requirements.txt\", \"r\") as f:\n    print(f.read())\n\ntry:\n    # Run hashin to add hashes to requirements.txt in place\n    # Using -r requirements.txt explicitly for clarity, though it's the default.\n    print(\"\\nRunning: hashin -r requirements.txt\\n\")\n    result = subprocess.run([\"hashin\", \"-r\", \"requirements.txt\"], capture_output=True, text=True, check=True)\n    print(\"hashin output:\")\n    print(result.stdout)\n    if result.stderr:\n        print(\"hashin stderr (if any):\\n\" + result.stderr)\n\n    print(\"\\nUpdated requirements.txt:\")\n    with open(\"requirements.txt\", \"r\") as f:\n        print(f.read())\n\nexcept subprocess.CalledProcessError as e:\n    print(f\"Error running hashin: {e.stderr}\")\nexcept FileNotFoundError:\n    print(\"Error: 'hashin' command not found. Please ensure it's installed and in your PATH.\")\nfinally:\n    # Clean up the dummy file\n    if os.path.exists(\"requirements.txt\"):\n        os.remove(\"requirements.txt\")\n","lang":"python","description":"This quickstart demonstrates how to use `hashin` from the command line. It creates a temporary `requirements.txt` file, runs `hashin` to add hashes, and then prints the updated content. `hashin` modifies the file in-place."},"warnings":[{"fix":"Upgrade your Python environment to 3.9 or higher. If you must use an older Python version, pin `hashin<1.0.1` at your own risk, as it may have other compatibility issues or unpatched bugs.","message":"hashin 1.0.1 and later versions require Python 3.9 or newer. Older Python versions (e.g., 3.8) are no longer supported due to internal dependency updates.","severity":"breaking","affected_versions":">=1.0.1"},{"fix":"Always commit your `requirements.txt` file before running `hashin`, or ensure you have backups. You can also review the changes with `git diff` after running `hashin`.","message":"`hashin` modifies your `requirements.txt` file in-place. This is its intended behavior, but users should be aware of it and ideally run `hashin` within a version-controlled repository to easily revert changes if necessary.","severity":"gotcha","affected_versions":"all"},{"fix":"Ensure your `requirements.txt` entries are correctly formatted (e.g., `package==version`) and that the specified versions are available on PyPI or your configured package index. Use `pip install -r requirements.txt --dry-run` to test resolvability without installing.","message":"hashin requires a valid requirements file format. If package versions are malformed or unresolvable by pip, `hashin` may fail or produce unexpected results.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-04-17T00:00:00.000Z","next_check":"2026-07-16T00:00:00.000Z","problems":[{"fix":"Ensure `hashin` is installed by running `pip install hashin`. If it is installed, verify your system's PATH configuration or try running it via `python -m hashin`.","cause":"`hashin` is not installed or its installation directory is not in your system's PATH.","error":"hashin: command not found"},{"fix":"Switch to a Python 3.9+ environment (e.g., using `pyenv` or `conda`), or upgrade your default Python interpreter. For example, `python3.9 -m pip install hashin`.","cause":"You are attempting to run `hashin` using a Python interpreter version older than 3.9.","error":"ERROR: Command \"hashin\" requires Python >=3.9"},{"fix":"Either create a `requirements.txt` file in your current directory, or specify the path to your requirements file using the `-r` option: `hashin -r path/to/my_requirements.txt`.","cause":"`hashin` was run without specifying a requirements file, and no file named `requirements.txt` exists in the current working directory.","error":"ERROR: No requirements file found at 'requirements.txt'"}]}