When you upgrade a Python module to fix a security vulnerability, you need to restart the Python processes that loaded it. So needrestart supports scanning all processes on the system to see if they are Python processes and if they loaded the Python modules that were upgraded. Same goes for Ruby and Perl, microcode and more.
The alternative approach is to just reboot after every upgrade like on Windows. That can be disruptive in some situations so needrestart was created to only restart the things that need restarting.
You can't know that all services are running apt-installed code, or, if they are, whether they were restarted already, and the dependencies don't encode what each binary loads at runtime. So scanning processes is the correct thing to do.