For the project you want to build via lektor, or install lektor for.
requirements.in file with the following content:
Add any other dependencies there.
Then create a
requirements.txt file with the pinned hashes, remember to do it in a same environment, for
example using Python3.7 on Debian 10.
python3 -m venv .venv source .venv/bin/activate python3 -m pip install pip-tools # This is being downloaded directly from PyPI. pip-compile --generate-hashes --allow-unsafe --output-file=requirements.txt requirements.in
requiremnts.* files in your project.
Now, in the virtualenv you are actually installing the project, or say lektor, you can use the follwing command to verify that pinning is being used.
python -m pip install --require-hashes -r requirements.txt