pip "Hashes are required in --require-hashes mode" in CI
You turned on --require-hashes, which demands every requirement be pinned with == and carry a hash. One requirement - often a transitive one - has no hash, so pip refuses the whole install.
What this error means
pip stops with "Hashes are required in --require-hashes mode, but they are missing" (or "all requirements must have their versions pinned with =="), naming the requirement that lacks a hash. Common when hash mode is on but the file was hand-maintained.
ERROR: In --require-hashes mode, all requirements must have their versions
pinned with ==. These do not:
idna (from requests==2.31.0)
Hashes are required in --require-hashes mode, but they are missing from some
requirements.Common causes
A transitive dependency has no hash
Hash mode is all-or-nothing. A dependency pulled in transitively (here idna) must also be pinned with == and hashed, or pip rejects the run.
Hash mode enabled on a hand-written file
Adding --require-hashes (or --hash on one line) to a manually maintained requirements file leaves most lines unpinned/unhashed, which is invalid in this mode.
How to fix it
Generate a fully hashed lockfile
Compile the file so every direct and transitive requirement is pinned with == and hashed.
pip install pip-tools
pip-compile --generate-hashes requirements.in
pip install --require-hashes -r requirements.txtOr drop hash mode if you do not need it
If supply-chain pinning is not a requirement for this pipeline, remove --require-hashes and the per-line --hash options.
How to prevent it
- Generate hashed lockfiles with pip-tools or uv; never hand-edit them.
- Keep direct and transitive requirements pinned with
==under hash mode. - Run
pip install --require-hashesin CI to validate the lock.