Feature: Command to verify hash in Pipfile.lock against packages in Pipfile (out-of-date check) #4893
Labels
PR: awaiting-review
The PR related to this issue is awaiting review by a maintainer.
Type: Enhancement 💡
This is a feature or enhancement request.
Comments
den4uk
changed the title
|
I agree that this would be a useful feature. Perhaps open a PR and we can push for it? |
|
Thanks for a suggestion, I opened a PR for an initial review. #4896 |
matteius
added
Type: Enhancement 💡
|
This has been merged to master branch, congrats @den4uk ! Going to close this issue out for now, looking forward to the next release of |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When running
pipenv install --deploy, it checks the hash in the Pipfile.lock file matches with the packages in the Pipfile. Upon a mismatch, an exception is raised, else it proceeds to install.NEW FEATURE: It would be very used to have the hash verification step to be a standalone command, which could return an exit code if the hash is verified or not.
User case.
This can come in useful in the CI/CD pipelines, where locking could be performed and committed when the hash is not verified. This could save a significant amount of time to avoid re-locking dependencies, especially when there are many of them.
The text was updated successfully, but these errors were encountered: