The demo currently only looks for these services but in theory could detect anything that opens a listener on a fixed port number: MySQL, Redis, ElasticSearch, MongoDB, Dropbox, Steam, DAAP media players, and Tor (daemon, browser, or Brave Tor mode).
You could also check for the LAN IP with WebRTC and scan (at least that network as a /24) for services. You'd probably want to do something like that in a worker. Besides that, obviously browsers should seek permission for web sites to access resources from loopback/RFC1918/RC4193 addresses. You will however usually not be able to get information from them (CORS) but might affect services (get a ROKU to open an app etc.) with GET/POSTS to certain services or devices.
I've been trying to accumulate a list of some of the more popular services that can be discovered this way here: https://github.com/wybiral/localtoast/blob/master/js/index.j...
It works in Chrome, Firefox, and curiously enough even the Tor mode of Brave Browser. Safari doesn't seem to allow these types of requests.