Open
Description
What's the problem this feature will solve?
to reduce the risk of sha-256 collision, providing the size of the file could be interesting.
also this is in PEP-0751 included "mousebender" example: https://peps.python.org/pep-0751/
created-by = 'mousebender'
[[packages]]
name = 'attrs'
version = '25.1.0'
requires-python = '>=3.8'
wheels = [
{name = 'attrs-25.1.0-py3-none-any.whl', upload-time = 2025-01-25T11:30:10.164985+00:00, url = 'https://files.pythonhosted.org/packages/fc/30/d4986a882011f9df997a55e6becd864812ccfcd821d64aac8570ee39f719/attrs-25.1.0-py3-none-any.whl', size = 63152, hashes = {sha256 = 'c75a69e28a550a7e93789579c22aa26b0f5b83b75dc4e08fe092980051e1090a'}},
]`
Describe the solution you'd like
provide also the size of the packages , when generating "pip lock"
Alternative Solutions
doing it by hand in a post treatment
Additional context
using "pip lock" to generate a reference and safe pylock.toml file for WinPython distribution
typical code:
rem to get pylock.toml in a ok place...
cd/D %LOCKDIR%
python.exe -m pip freeze>%req%
findstr /v "winpython" %req% > %wanted_req%
rem pip lock from pypi, from the frozen req
python.exe -m pip lock --no-deps -c C:\WinP\constraints.txt -r "%wanted_req%" -o %pip_lock_web%
rem pip lock from local WheelHouse, from the frozen req
python.exe -m pip lock --no-deps --no-index --trusted-host=None --find-links=C:\WinP\packages.srcreq -c C:\WinP\constraints.txt -r "%wanted_req%" -o %pip_lock_local%
rem generating also classic requirement with hash-256, from obtained pylock.toml
python.exe -c "from winpython import wheelhouse as wh;wh.pylock_to_req(r'%pip_lock_web%', r'%req_lock_web%')"
python.exe -c "from winpython import wheelhouse as wh;wh.pylock_to_req(r'%pip_lock_local%', r'%req_lock_local%')"
rem compare the two (result from pypi and local Wheelhouse must be equal)
fc "%req_lock_web%" "%req_lock_local%"
Code of Conduct
- I agree to follow the PSF Code of Conduct.