Pipfile Hash Creation

I ran into the same error with the most recent pipenv release (2020.11.4), it seems that a fix is already set for the next release (see https://github.com/pypa/pipenv/pull/4519). But in the meantime what worked for me is just to rollback to the older version of pipenv (2020.8.13).

Try clearing your pipenv cache:

Make sure your dependencies actually do resolve. If you’re confident they are, you may need to clear your resolver cache. Run the following command:

pipenv lock --clear

and try again.

If this does not work, try manually deleting the whole cache directory. It is usually one of the following locations:

  • ~/Library/Caches/pipenv (macOS)
  • %LOCALAPPDATA%\pipenv\pipenv\Cache (Windows)
  • ~/.cache/pipenv (other operating systems)

While the current release of pipenv only accepts sha256 hashes, it loads package URLs from a cache and writes those cached URLs' hashes to Pipfile.lock. If those cached hashes are md5 hashes from previously-installed packages, pipenv uses those values as-is without verifying that they are sha256/FAVORITE_HASH.

Clearing the cache and re-locking will cause pipenv to cache miss and re-fetch package URLs which end in sha256 hashes, and write them to Pipfile.lock as you'd hope, and prevent you from running into the issue again.