ERROR
pip
config_error
ai_generated
true
ERROR: Invalid constraint: --hash=sha256:abc123...: expected a constraint line with a requirement, got a hash option
ID: pip/invalid-constraint-hash
95%Fix Rate
82%Confidence
1Evidence
2023-08-10First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| pip 23.1 | active | — | — | — |
| pip 24.0 | active | — | — | — |
| pip 24.3 | active | — | — | — |
Root Cause
A constraints file (constraints.txt) contains a line with only a hash option (e.g., --hash=sha256:...), but pip expects each constraint line to specify a package name and version, with the hash as an option on the same line.
generic中文
约束文件(constraints.txt)中包含仅包含哈希选项的行(例如 --hash=sha256:...),但 pip 期望每个约束行指定一个包名和版本,哈希作为同一行的选项。
Official Documentation
https://pip.pypa.io/en/stable/topics/constraints-files/Workarounds
-
95% success Rewrite the constraint line to include the package name and version: 'package==1.2.3 --hash=sha256:abc123...'
Rewrite the constraint line to include the package name and version: 'package==1.2.3 --hash=sha256:abc123...'
-
90% success Remove the orphaned hash line from the constraints file and regenerate hashes using: pip hash <package>.whl
Remove the orphaned hash line from the constraints file and regenerate hashes using: pip hash <package>.whl
中文步骤
将约束行重写为包含包名和版本:'package==1.2.3 --hash=sha256:abc123...'
从约束文件中移除孤立的哈希行,并使用以下命令重新生成哈希:pip hash <package>.whl
Dead Ends
Common approaches that don't work:
-
Add the hash to a requirements.txt instead of constraints.txt
90% fail
The same syntax rules apply to requirements files; moving the line does not fix the malformed constraint entry.
-
Use --require-hashes in constraints.txt
95% fail
The --require-hashes flag enables hash checking but does not change how constraint lines are parsed; the invalid line remains.