The popular open-source project 'ip' had its GitHub repository archived (made "read-only") by its developer as a result of a dubious CVE report filed against the project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects.
Even worse, the CVE is effectively “if you use the package wrong, you get weird results”.
The affected method has signature function isPrivate(ip: string): boolean. Passing in a hex number is not a string, and a method (toString) exists for this.
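The point the comment makes is that a function declared as isPrivate(ip: string) has a contract its callers must honour. The following is an added example, not the 'ip' package's own implementation: a strict private-range check (hypothetical names isPrivateStrict and parseIPv4Strict) that enforces the string contract by throwing a TypeError on non-string input, and that parses only canonical dotted-decimal IPv4 so unusual representations are refused with an error rather than silently classified one way or the other.

```javascript
// Added example (not the 'ip' package's own code). Names and private-range
// table are assumptions for illustration; only IPv4 is handled.

// RFC 1918 ranges plus loopback and link-local, as (network, prefix) pairs.
const PRIVATE_RANGES = [
  ['10.0.0.0', 8],
  ['172.16.0.0', 12],
  ['192.168.0.0', 16],
  ['127.0.0.0', 8],      // loopback
  ['169.254.0.0', 16],   // link-local
];

// Exactly four groups of 1-3 decimal digits; no hex, octal, shorthand or spaces.
const DOTTED_QUAD = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// Parse canonical dotted-decimal IPv4 into an unsigned 32-bit integer.
// Throws TypeError for non-string input (the caller should call .toString()
// or, better, never pass a number here); returns null for any string that is
// not exactly four decimal octets in 0-255 without leading zeros.
function parseIPv4Strict(ip) {
  if (typeof ip !== 'string') {
    throw new TypeError(`isPrivate expects a string, got ${typeof ip}`);
  }
  const m = DOTTED_QUAD.exec(ip);
  if (!m) return null;
  let value = 0;
  for (let i = 1; i <= 4; i++) {
    const text = m[i];
    const octet = Number(text);
    // Reject out-of-range octets and leading zeros ("010" is ambiguous: octal or decimal?).
    if (octet > 255 || (text.length > 1 && text[0] === '0')) return null;
    value = value * 256 + octet;
  }
  return value >>> 0;
}

// True if the 32-bit address `value` lies inside network/prefix.
function inCidr(value, network, prefix) {
  const net = parseIPv4Strict(network);
  const mask = prefix === 0 ? 0 : (0xFFFFFFFF << (32 - prefix)) >>> 0;
  return ((value & mask) >>> 0) === ((net & mask) >>> 0);
}

// Strict counterpart of isPrivate(ip: string): boolean. Non-strings throw
// TypeError; strings that are not canonical IPv4 throw RangeError, so a
// caller can never get a quiet "false" for an address that was not parsed.
function isPrivateStrict(ip) {
  const value = parseIPv4Strict(ip);
  if (value === null) {
    throw new RangeError(`not a canonical dotted-decimal IPv4 address: ${JSON.stringify(ip)}`);
  }
  return PRIVATE_RANGES.some(([network, prefix]) => inCidr(value, network, prefix));
}

// Usage:
//   isPrivateStrict('10.1.2.3')     -> true
//   isPrivateStrict('8.8.8.8')      -> false
//   isPrivateStrict(0x7f000001)     -> throws TypeError (pass a string instead)
//   isPrivateStrict('0x7f.1')       -> throws RangeError (not canonical IPv4)
```

The design choice is to fail closed: a misused API surfaces as an exception at the call site, which is where a type-confused argument is a bug, rather than as a boolean that downstream code will trust.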