Menu
When I tried to install libraries using pip install, sometimes this error message come up.
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
This error comes up when I am trying to build multiple images using docker-compose V2.
What I have done:
pip install --no-cache-dir -r requirements.txtHowever, it still comes up randomly. The libraries that are referred to the error message also keep changing.
Does anyone know the reason for this issue?
990
So I had the same issue, tried deleting the pip cache file and using the "--no-cache-dir" argument. None of those worked.
I then came across a post that said they were experiencing this error because of a networking issue. So I switched off my VPN and everything worked perfectly!
Not sure why this works, but it got the job done
66
answered Jan 03 '26 15:01
This is pips integrated checking mechanism that is automatically checking the integrity of the downloaded package.
You can check yourself (by clicking view in the has column) that the sha256 of the whl file loaded from pypi should be for example this:
7a2c93be4f874fd42541a1330218d2094015993420bf0bd8fbf19c88e6b49c6a
but for example your error says that you got this:
g4dd3fb13afd095a21c7dfd0d2f9bd0a3593c3c78e81ca2f475429490752e7b8
So pip is (for security reasons) not installing the package for you. I would suggest to:
pip is taking the whl from some tmp directory on your system with an incorrectly downloaded whl file sitting there - If so, try deleting itwhl file and then check the output of pip hash <whl file> (if it matches the g4dd3fb13af... sha) and if you can do pip install <whl file>And besides, there was a similar problem for me, I tried it and it worked:
sudo pip install --no-cache-dir `YOUR_PACKAGE_NAME`
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With