ip had a high severity SSRF vuln (GHSA-2p57-rm9w-gvfp) with no upstream fix.
Replace with:
- net.isIPv4/isIPv6 (Node built-in) for format validation
- ipaddr.js for CIDR subnet matching
Add package-lock.json for reproducible builds (required for npm ci).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Dockerized Fail2Ban + dashboard for Nginx Proxy Manager.
- Single-container image (fail2ban + Node.js + supervisord)
- Pre-built NPM filters: badbot, http-errors, npm-probe, manual-bans
- Web dashboard with live ban feed, log scanner, AbuseIPDB integration
- Configurable via environment variables and .env file
- Persistent volumes for config and ban history
- Webhook support for ban event notifications
- README, .gitignore, MIT license
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
