diff --git a/plug/requirements/requirement.py b/plug/requirements/requirement.py
index 61f1c4b7..31b1664d 100644
--- a/plug/requirements/requirement.py
+++ b/plug/requirements/requirement.py
@@ -195,6 +195,10 @@ def parse_line(cls, line):
             # This is a requirement specifier.
             # Delegate to pkg_resources and hope for the best
             req.specifier = True
+
+            # an optional --hash param is not part of the req specifier
+            line = re.sub('\s*--hash=\S+', '', line)
+
             pkg_req = Req.parse(line)
             req.name = pkg_req.unsafe_name
             req.extras = list(pkg_req.extras)
diff --git a/test/inspect.test.js b/test/inspect.test.js
index f3af26ea..593b4096 100644
--- a/test/inspect.test.js
+++ b/test/inspect.test.js
@@ -408,6 +408,58 @@ test('editables ignored', function (t) {
     });
 });
 
+test('deps withs hashes', function (t) {
+  chdirWorkspaces('pip-app-deps-with-hashes');
+
+  return pipInstall()
+    .then(function () {
+      return plugin.inspect('.', 'requirements.txt')
+        .then(function (result) {
+          var plugin = result.plugin;
+          var pkg = result.package;
+
+          t.test('plugin', function (t) {
+            t.ok(plugin, 'plugin');
+            t.equal(plugin.name, 'snyk-python-plugin', 'name');
+            t.match(plugin.runtime, 'Python', 'runtime');
+            t.end();
+          });
+
+          t.test('package', function (t) {
+            t.ok(pkg, 'package');
+            t.equal(pkg.name, 'pip-app-deps-with-hashes', 'name');
+            t.equal(pkg.version, '0.0.0', 'version');
+            t.same(pkg.from, ['pip-app-deps-with-hashes@0.0.0'], 'from self');
+            t.end();
+          });
+
+          t.test('package dependencies', function (t) {
+            t.match(pkg.dependencies.markupsafe, {
+              name: 'markupsafe',
+              version: '1.0',
+              from: [
+                'pip-app-deps-with-hashes@0.0.0',
+                'markupsafe@1.0',
+              ],
+            }, 'MarkupSafe looks ok');
+
+            t.match(pkg.dependencies.dnspython, {
+              name: 'dnspython',
+              version: '1.13.0',
+              from: [
+                'pip-app-deps-with-hashes@0.0.0',
+                'dnspython@1.13.0',
+              ],
+            }, 'dnspython looks ok');
+
+            t.end();
+          });
+
+          t.end();
+        });
+    });
+});
+
 test('trusted host ignored', function (t) {
   chdirWorkspaces('pip-app-trusted-host');
   return pipInstall()
diff --git a/test/workspaces/pip-app-deps-with-hashes/requirements.txt b/test/workspaces/pip-app-deps-with-hashes/requirements.txt
new file mode 100644
index 00000000..666a34e1
--- /dev/null
+++ b/test/workspaces/pip-app-deps-with-hashes/requirements.txt
@@ -0,0 +1,2 @@
+MarkupSafe==1.0 --hash=sha256:a6be69091dac236ea9c6bc7d012beab42010fa914c459791d627dad4910eb665
+dnspython==1.13.0 --hash=sha256:80f89881b402fc3b931a936111b43bcfe3abd8b0005d27e50e3c5fb59f7260f8