Binding the inspector to a public IP (including 0.0.0.0) with an open port is insecure, as it allows external hosts to connect to the inspector and perform a [remote code execution][] attack.

    If specifying a host, make sure that either:

    • The host is not accessible from public networks.
    • A firewall disallows unwanted connections on the port.

    More specifically, --inspect=0.0.0.0 is insecure if the port (9229 by default) is not firewall-protected.

    See the [debugging security implications][] section for more information.