Hi,

ip has a CVE open for some time now and no new release appears. Please consider replacing the ip dependency with something which is still maintained by its authors. NPM itself switched to https://www.npmjs.com/package/ip-address for example.

see indutny/node-ip#150