# 错误：这些包的哈希值与 requirements 文件中的哈希值不匹配。如果您更新了包版本，请更新 requirements 文件中的哈希值。否则，请检查 requirements 文件是否正确。包 <package> 的哈希值不正确：期望 sha256=abc123... 实际得到 sha256=def456...

- **ID:** `pip/requirements-file-hash-mismatch-multiple`
- **领域:** pip
- **类别:** data_error
- **错误码:** `ERROR`
- **验证级别:** ai_generated
- **修复率:** 90%

## 根因

requirements 文件中记录的包哈希值与下载的 wheel 的哈希值不匹配，表明下载损坏、中间人攻击或 requirements 文件过时。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| pip 22.0 | active | — | — |
| pip 22.3 | active | — | — |
| pip 23.0 | active | — | — |
| pip 23.2 | active | — | — |

## 解决方案

1. ```
   Update the requirements file by regenerating hashes from a trusted source: pip hash <package>==<version> > new_hash.txt, then replace the hash in requirements.txt.
   ```
2. ```
   Use a requirements file without hashes temporarily: pip install -r requirements.txt --no-hash-check, then verify the package integrity manually via PyPI or official source.
   ```
3. ```
   Clear pip cache: pip cache purge, then retry with hash verification enabled.
   ```

## 无效尝试

- **** — Disables hash verification, leaving the system vulnerable to supply chain attacks; not a fix, just a bypass. (80% 失败率)
- **** — If the mirror is also compromised or serving the same corrupted file, the hash will still mismatch. (60% 失败率)
- **** — Blindly accepting the new hash defeats the purpose of hash checking; could install malicious code. (70% 失败率)