Product
Announcing Precomputed Reachability Analysis in Socket
Socket’s precomputed reachability slashes false positives by flagging up to 80% of vulnerabilities as irrelevant, with no setup and instant results.
By Martin Torp - Jul 30, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
is-in-subnet
Advanced tools
is-in-subnet
Check if an IPv4 or IPv6 address is contained in the given CIDR subnet
is-in-subnet 
Check if an IPv4 or IPv6 address is contained in the given CIDR subnet.
- Small
- Fast
- Simple syntax
- Full test coverage
- TypeScript-friendly
- Zero dependencies
- 🆕 Browser-friendly
See the 📖 Reference page for complete documentation.
Installation
With Node.js
npm install is-in-subnet
In a browser
This module is compatible with Browserify and other bundling tools. If you prefer to load it as a single file from a CDN:
- https://cdn.jsdelivr.net/npm/is-in-subnet@4/browser/isInSubnet.js
- https://cdn.jsdelivr.net/npm/is-in-subnet@4/browser/isInSubnet.min.js
The module is loaded as a global named isInSubnet.
Basic Usage
Node.js
const { isInSubnet } = require('is-in-subnet');
console.log(isInSubnet('10.5.0.1', '10.4.5.0/16')); // false
console.log(isInSubnet('10.5.0.1', '10.4.5.0/15')); // true
console.log(isInSubnet('2001:db8:f53a::1', '2001:db8:f53b::1:1/48')); // false
console.log(isInSubnet('2001:db8:f53a::1', '2001:db8:f531::1:1/44')); // true
Browser
console.log(isInSubnet.isInSubnet('10.5.0.1', '10.4.5.0/16'));
// if you don’t like that syntax, you may use this instead:
console.log(isInSubnet.check('10.5.0.1', '10.4.5.0/16'));
More ways to use it
Test multiple subnets at once
- You can pass an array instead of a single subnet.
const inAnySubnet = isInSubnet('10.5.0.1', ['10.4.5.0/16', '192.168.1.0/24']);
Amortise the parsing cost using a functional version
createChecker(subnetOrSubnets)returns a function used to check an address
const checker = createChecker(['10.4.5.0/16', '192.168.1.0/24']);
console.log(checker('10.5.0.1')); // true
Test for special types of addresses
isPrivate(address)— Private addresses (like192.168.0.0)isLocalhost(address)— Localhost addresses (like::1)
And more. See the documentation.
Check if an address is valid
isIPv4(address),isIPv6(address),isIP(address)— works just like the similarly-named functions in Node’snetmodule.
FAQs
Check if an IPv4 or IPv6 address is contained in the given CIDR subnet
The npm package is-in-subnet receives a total of 31,830 weekly downloads. As such, is-in-subnet popularity was classified as popular.
We found that is-in-subnet demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 10 Dec 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Protects the Chrome Extension Ecosystem
Socket is launching experimental protection for Chrome extensions, scanning for malware and risky permissions to prevent silent supply chain attacks.
By Mix Irving, Alexandros Kapravelos, Eli Insua - Jul 30, 2025
Product
Introducing Socket MCP for Claude Desktop
Add secure dependency scanning to Claude Desktop with Socket MCP, a one-click extension that keeps your coding conversations safe from malicious packages.
By Alexandros Kapravelos - Jul 29, 2025