Some way to pass "--hash" on the CLI or to ignore file:/// uris when using --require-hashes

Currently I’m working around this with a custom install command, that hashes any file requirement arg and puts it into a requirements file before passing it onto pip here:

I’m also proposing to use this work-around in tox

I think it would be neater to have a --require-hashes-only-for-remote-requirements flag or similar

Here’s a github issue for it allow file:/// deps to be missing `--hash` in hash-checking mode (require-hashes) · Issue #10362 · pypa/pip · GitHub