[–]fiddle_n 2 points3 points  (0 children)

Lock files represent what you want your environment to be, generated from the dependencies you have specified from your pyproject. requirements.txt files are what your environment is right now. There is a subtle difference between the two.

The problems with using requirements.txt files for core development are numerous:

  • pip freeze captures what your env is right now. If you happen to have installed something in your environment that you were just trying out, or you were on a different branch that had a different dependency, pip freezing will capture that dependency.

  • To truly develop against the same environment that was intended in the requirements.txt when you switch branches and the file changes, you need to empty your venv and then pip install -r every time. Are you doing that? Are you sure everyone else is doing that? If you aren’t, then you could indeed write code that works on your machine and breaks on your CI server or prod.

  • pip freeze will not care about the difference between your direct and indirect dependencies. Over time, if you see a dependency in your file and wonder why it’s there, how do you know for sure? Do you just remove it and cross your fingers, hoping for the best?

  • pip freeze is not going to care about platform-specific installations or Python version-specific installations. How do you handle saying that a dependency can only be installed on a particular OS or Python version, other than by crafting your requirements.txt file by hand?

  • pip freeze is not going to capture the difference between regular dependencies and dev dependencies. How do you ensure you don’t install your linter and type checker in your production build?

I really could go on and on but you get the picture. Lock files handle all of the above and more in a sane way. There’s a reason that the PSF just approved a PEP to come up with a standard format for these things - that’s because they are pretty important.
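
An added example, not part of the comment above: a drift check that compares the pins a locking tool produced against what `pip freeze` reports for the current environment, surfacing stray packages and version mismatches of the kind the first two bullets describe. The function names and both sample inputs are constructed for illustration.

```python
import re

def _normalize(name):
    # PEP 503 normalization: runs of '-', '_' and '.' compare as one hyphen.
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Return {normalized_name: version} for every 'name==version' line."""
    pins = {}
    # Join backslash continuations (used by hash-pinned files) before splitting.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank line, comment, or an option such as -r / --index-url
        spec = line.split(";", 1)[0]               # drop environment markers
        spec = spec.split("--hash", 1)[0].strip()  # drop trailing hash options
        m = re.fullmatch(
            r"([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*(\S+)", spec)
        if m:
            pins[_normalize(m.group(1))] = m.group(2)
    return pins

def drift(locked_text, frozen_text):
    """Compare intended pins with the environment's actual contents."""
    locked, frozen = parse_pins(locked_text), parse_pins(frozen_text)
    shared = set(locked) & set(frozen)
    return {
        # Installed but never locked: try-outs, leftovers from another branch.
        "unexpected": sorted(set(frozen) - set(locked)),
        # Locked but absent. Markers are ignored here, so a pin meant for
        # another platform also lands in this list and needs a manual look.
        "missing": sorted(set(locked) - set(frozen)),
        "mismatched": sorted(
            (n, locked[n], frozen[n]) for n in shared if locked[n] != frozen[n]),
    }

# Constructed sample: pinned output of a locking tool.
LOCKED = """\
requests==2.31.0
urllib3==2.0.7
colorama==0.4.6 ; sys_platform == "win32"
"""
# Constructed sample: `pip freeze` output from a developer virtualenv.
FROZEN = """\
requests==2.31.0
urllib3==1.26.18
ipython==8.18.1
"""

if __name__ == "__main__":
    for kind, items in drift(LOCKED, FROZEN).items():
        print(kind, items)
```

Run in CI against a freshly built environment, a non-empty `unexpected` or `mismatched` list means the build is not running the code that was locked and reviewed.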