I wouldn't exactly call this a failure of the JS ecosystem. The Express documentation you've linked to mentions that the host is the (optional) second argument to the listen function:
Are you talking about the difference between 0.0.0.0 and 127.0.0.1 /localhost (loopback address)? If so It should be a tiny thing to change to implement I can add that on the next update- I just went with the express JS defaults to keep things simple:)
Or I can even make a flag to configure this :thinking
If you do make it configurable, it's still a good idea to make the default `127.0.0.1` for the reasons @ggpsv mentioned. Since the link automatically opens at `http://localhost:PORT` anyway, it's an easy security win.
`app.listen` uses the same signature as Node's `server.listen`. You can specify the `host` [0] or else it defaults to `0.0.0.0`. This means that when you run this service, it will be accessible to anyone that can reach the server.
Typically, services allow you set the host address by configuration. This way you can set it to `127.0.0.1` so that it is only available locally.
https://github.com/soorajshankar/logScreen/blob/f8b29aaef428...
So this will be sharing your logs with the world if you run this outside of a trusted network. (And personally I avoid trusting any networks)