No description, website, or topics provided.
Python
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
tests
.coveragerc
.gitignore
.travis.yml
CHANGELOG.md
LICENSE
MANIFEST.in
README.rst
dephash.py
requirements-dev.txt
requirements-prod.txt
setup.py
tox.ini

README.rst

dephash

https://travis-ci.org/escapewindow/dephash.svg?branch=master https://coveralls.io/repos/github/escapewindow/dephash/badge.svg?branch=master

Production installs sometimes call for pinning package versions; hash checking adds to the security and stability of those installs. pip >= 8.0.0 allows for checking package hashes through requirements files. However, it's easy for requirements to fall out of date, and it's a hassle to test other versions of packages.

With dephash, a permissive requirements-dev.txt can be transformed into a fully version-pinned, hashed requirements-prod.txt.

Usage

# Generate pinned+hashed requirements-prod.txt
dephash [-v] [-l,--logfile LOGFILE] gen requirements-dev.txt > requirements-prod.txt

# Check for outdated packages in PATH, where PATH is a virtualenv or requirements file
dephash [-v] [-l,--logfile LOGFILE] outdated PATH