# ERROR: Invalid constraint: --hash=sha256:abc123...: expected a constraint line with a requirement, got a hash option

- **ID:** `pip/invalid-constraint-hash`
- **Domain:** pip
- **Category:** config_error
- **Error Code:** `ERROR`
- **Verification:** ai_generated
- **Fix Rate:** 95%

## Root Cause

A constraints file (constraints.txt) contains a line with only a hash option (e.g., --hash=sha256:...), but pip expects each constraint line to specify a package name and version, with the hash as an option on the same line.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| pip 23.1 | active | — | — |
| pip 24.0 | active | — | — |
| pip 24.3 | active | — | — |

## Workarounds

1. **Rewrite the constraint line to include the package name and version: 'package==1.2.3 --hash=sha256:abc123...'** (95% success)
   ```
   Rewrite the constraint line to include the package name and version: 'package==1.2.3 --hash=sha256:abc123...'
   ```
2. **Remove the orphaned hash line from the constraints file and regenerate hashes using: pip hash <package>.whl** (90% success)
   ```
   Remove the orphaned hash line from the constraints file and regenerate hashes using: pip hash <package>.whl
   ```

## Dead Ends

- **Add the hash to a requirements.txt instead of constraints.txt** — The same syntax rules apply to requirements files; moving the line does not fix the malformed constraint entry. (90% fail)
- **Use --require-hashes in constraints.txt** — The --require-hashes flag enables hash checking but does not change how constraint lines are parsed; the invalid line remains. (95% fail)