diff --git a/.devcontainer/postCreateCommand.sh b/.devcontainer/postCreateCommand.sh
index 6d03ef4573..19ae90e03a 100755
--- a/.devcontainer/postCreateCommand.sh
+++ b/.devcontainer/postCreateCommand.sh
@@ -27,7 +27,7 @@ python3 -m pip install --upgrade pip
 pip3 install --ignore-installed --upgrade invoke Pillow
 # install base level packages
-pip3 install -Ur contrib/container/requirements.txt
+pip3 install -Ur contrib/container/requirements.txt --require-hashes
 # Run initial InvenTree server setup
 invoke update -s
diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
index f2e3e7102d..5a9cd30221 100644
--- a/.github/actions/setup/action.yaml
+++ b/.github/actions/setup/action.yaml
@@ -95,7 +95,7 @@ runs:
 - name: Install dev requirements
 if: ${{ inputs.dev-install == 'true' || inputs.install == 'true' }}
 shell: bash
- run: uv pip install -r src/backend/requirements-dev.txt
+ run: uv pip install --require-hashes -r src/backend/requirements-dev.txt
 - name: Run invoke install
 if: ${{ inputs.install == 'true' }}
 shell: bash
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 5792d0989f..a350ebf354 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -162,7 +162,7 @@ jobs:
 python-version: ${{ env.python_version }}
 - name: Version Check
 run: |
- pip install -r contrib/dev_reqs/requirements.txt
+ pip install --require-hashes -r contrib/dev_reqs/requirements.txt
 python3 .github/scripts/version_check.py
 echo "git_commit_hash=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 echo "git_commit_date=$(git show -s --format=%ci)" >> $GITHUB_ENV
diff --git a/.github/workflows/qc_checks.yaml b/.github/workflows/qc_checks.yaml
index 03a24e5b3b..78d8c35293 100644
--- a/.github/workflows/qc_checks.yaml
+++ b/.github/workflows/qc_checks.yaml
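Review bot: In .devcontainer/postCreateCommand.sh the context line just above the changed command, `pip3 install --ignore-installed --upgrade invoke Pillow`, still installs unpinned packages with no hash verification, so the devcontainer setup is only partly covered by hash checking. The same holds for `python3 -m pip install --upgrade pip` shown in the hunk header. Moving those bootstrap packages into a hashed requirements file and installing it the same way, e.g. `pip3 install --require-hashes -r <hashed-bootstrap-requirements-file>` (placeholder path), would close that gap. As a style point, the flag is appended after the file here but placed before `-r` in the other hunks; one position throughout makes the commands easier to audit.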
@@ -99,7 +99,7 @@ jobs:
 uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # pin@v3.0.1
 - name: Check Version
 run: |
- pip install -r contrib/dev_reqs/requirements.txt
+ pip install --require-hashes -r contrib/dev_reqs/requirements.txt
 python3 .github/scripts/version_check.py
 typecheck:
@@ -140,8 +140,8 @@ jobs:
 python-version: ${{ env.python_version }}
 - name: Check Config
 run: |
- pip install -r contrib/dev_reqs/requirements.txt
- pip install -r docs/requirements.txt
+ pip install --require-hashes -r contrib/dev_reqs/requirements.txt
+ pip install --require-hashes -r docs/requirements.txt
 python docs/ci/check_mkdocs_config.py
 - name: Check Links
 uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # pin@v1
@@ -189,7 +189,7 @@ jobs:
 env:
 API: ${{ needs.paths-filter.outputs.api }}
 run: |
- pip install -r contrib/dev_reqs/requirements.txt >/dev/null 2>&1
+ pip install --require-hashes -r contrib/dev_reqs/requirements.txt >/dev/null 2>&1
 version="$(python3 .github/scripts/version_check.py --show-api-version --decrement-api=${API} 2>&1)"
 echo "API Version: $version"
 url="https://raw.githubusercontent.com/inventree/schema/main/export/${version}/api.yaml"
@@ -223,7 +223,7 @@ jobs:
 id: version
 if: github.ref == 'refs/heads/master' && needs.paths-filter.outputs.api == 'true'
 run: |
- pip install -r contrib/dev_reqs/requirements.txt >/dev/null 2>&1
+ pip install --require-hashes -r contrib/dev_reqs/requirements.txt >/dev/null 2>&1
 version="$(python3 .github/scripts/version_check.py --show-api-version 2>&1)"
 echo "API Version: $version"
 echo "version=$version" >> "$GITHUB_OUTPUT"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ff0f557d68..91db73aadd 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
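Review bot: In the two API-version steps of .github/workflows/qc_checks.yaml (the hunks at lines 189 and 223) the hashed install still ends in `>/dev/null 2>&1`, so when pip refuses a package for a missing or mismatching hash the job log will not show which requirement was rejected. That message is what lets a maintainer tell a stale requirements file from an unexpected artifact on the index. Keeping stderr while staying quiet on success, for example `pip install --require-hashes -q -r contrib/dev_reqs/requirements.txt`, would preserve it.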
@@ -25,7 +25,7 @@ jobs:
 persist-credentials: false
 - name: Version Check
 run: |
- pip install -r contrib/dev_reqs/requirements.txt
+ pip install --require-hashes -r contrib/dev_reqs/requirements.txt
 python3 .github/scripts/version_check.py
 - name: Push to Stable Branch
 uses: ad-m/github-push-action@77c5b412c50b723d2a4fbc6d71fb5723bcd439aa # pin@v1.0.0
@@ -119,8 +119,8 @@ jobs:
 npm: true
 - name: Install dependencies
 run: |
- pip install -r contrib/dev_reqs/requirements.txt
- pip install -r docs/requirements.txt
+ pip install --require-hashes -r contrib/dev_reqs/requirements.txt
+ pip install --require-hashes -r docs/requirements.txt
 - name: Build documentation
 run: |
 invoke build-docs --mkdocs
diff --git a/contrib/container/Dockerfile b/contrib/container/Dockerfile
index a8d81cbcb4..b943e52711 100644
--- a/contrib/container/Dockerfile
+++ b/contrib/container/Dockerfile
@@ -111,8 +111,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 && rm -rf /var/lib/apt/lists/*
 # Build and install python dependencies
-RUN pip install --user -r base_requirements.txt --no-cache-dir && \
- pip install --user -r requirements.txt --no-cache-dir && \
+RUN pip install --user --require-hashes -r base_requirements.txt --no-cache-dir && \
+ pip install --user --require-hashes -r requirements.txt --no-cache-dir && \
 pip cache purge && \
 rm -rf /root/.cache/pip
diff --git a/contrib/packager.io/functions.sh b/contrib/packager.io/functions.sh
index 6708d705af..c4703d6eba 100755
--- a/contrib/packager.io/functions.sh
+++ b/contrib/packager.io/functions.sh
@@ -146,7 +146,7 @@ function detect_envs() {
 # Install parser
 echo "# POI03| Installing requirements"
- pip install -r ${APP_HOME}/contrib/dev_reqs/requirements.txt -q
+ pip install --require-hashes -r ${APP_HOME}/contrib/dev_reqs/requirements.txt -q
 echo "# POI03| Installed requirements"
 # Load config
diff --git a/tasks.py b/tasks.py
index fe9abc4233..ea6e89e1d1 100644
--- a/tasks.py
+++ b/tasks.py
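Review bot: In contrib/packager.io/functions.sh the exit status of the hashed install is not checked in the visible lines, so `echo "# POI03| Installed requirements"` would still be printed after pip aborts on a hash mismatch, unless the script runs under `set -e`, which this hunk does not show. Since a rejected hash is now an expected failure mode, the command should fail loudly, for example `pip install --require-hashes -r "${APP_HOME}/contrib/dev_reqs/requirements.txt" -q || return 1` (or whatever error path the surrounding function already uses). That form also quotes the `${APP_HOME}` path, which is unquoted in the changed line. detect_envs starts and ends outside this hunk.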
@@ -432,7 +432,7 @@ def run_install(c, uv, install_file, run_preflight=True):
 )
 run(
 c,
- f'pip3 install --no-cache-dir --disable-pip-version-check -U -r {install_file}',
+ f'pip3 install --no-cache-dir --disable-pip-version-check -U --require-hashes -r {install_file}',
 )
 else:
 if run_preflight:
@@ -440,7 +440,7 @@ def run_install(c, uv, install_file, run_preflight=True):
 c,
 'pip3 install --no-cache-dir --disable-pip-version-check -U uv setuptools',
 )
- run(c, f'uv pip install -U --require-hashes -r {install_file}')
+ run(c, f'uv pip install -U --require-hashes -r {install_file}')
 def yarn(c, cmd):
@@ -568,7 +568,7 @@ def setup_dev(c, tests=False):
 info("Installing required python packages from 'src/backend/requirements-dev.txt'")
 # Install required Python packages with PIP
- run(c, 'pip3 install -U -r src/backend/requirements-dev.txt')
+ run(c, 'pip3 install -U --require-hashes -r src/backend/requirements-dev.txt')
 # Install pre-commit hook
 info('Installing pre-commit for checks before git commits...')
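Review bot: run_install now imposes a new requirement on every caller that nothing in the visible lines documents: both the pip branch here and the uv branch in the next hunk pass `--require-hashes`, so any `install_file` that is not fully pinned with hashes makes the install abort. The function's docstring, if it has one, is outside this hunk, so I would add a line such as `install_file must pin every requirement, including transitive ones, with == and --hash; pip and uv refuse to install otherwise.` Callers of run_install are not shown, so it is worth confirming that none of them passes a file without hashes.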
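Review bot: In the second tasks.py hunk, the preflight call just above the changed `uv pip install` line still runs `'pip3 install --no-cache-dir --disable-pip-version-check -U uv setuptools'` with no version pin and no hash, so the tool that enforces `--require-hashes` is itself fetched unverified each time preflight runs. Pinning uv and setuptools in a hashed requirements file and installing that with `--require-hashes` would keep the bootstrap consistent with the rest of the change. The `run(` call that ends at the top of the first hunk may have the same gap, but its arguments are not visible here. run_install starts outside both hunks.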