is it secure to listen on *:4001 ?

[Un1Gfn]

vscode 1.85.1 on macOS Sonoma 14.2.1

sudo lsof -i -P | grep -i listen

I get *:4001 instead of localhost:4001.

I think the default shall be listening on localhost only.

Probably offering an option in extension settings that allows changing the IP address on which it listens.

[fregante]

Good question. I don’t think that was intentional since I didn't specify which host to respond to:

https://github.com/fregante/GhostText-for-VSCode/blob/6f8f5f2fa96cb7f7287c4eda6fc56ba7d9960115/source/server.ts#L50

The Sublime Text version also doesn't specify the host, but its default behavior might be different:

https://github.com/GhostText/GhostText-for-SublimeText/blob/8ace809a1788ce99268cd585ac5c6635e84320f1/GhostText.py#L74