I write my high level dependencies by hand in a "requirements.in" for applications, and in "pyproject.toml" for libraries.

A simple "requirements.in" I did over this weekend was a single dependency:

    miniboss >=0.4, <0.5

And used pip-compile to pin all transitive dependencies:

    pip-compile -o requirements.txt requirements.in

This generated a "requirements.txt" with 14 dependencies with pinned versions:

    attrs==25.3.0
    ...13 more dependencies
    

It's then only a matter of running "pip install -r requirements.txt" in the venv for my "application" (wrapper scripts for Docker).

I've largely settled on this scheme for work and person projects because it's simple (only dev dependency is pip-tools or uv), and it doesn't tie me to a particular Python project management tool (pipenv, pdm, poetry, etc.).