How to support CIDR in IP whitelisting for M2M?

I use the M2M client creds flow to enable customers to create their own API keys for the API.

For each API key, customers can specify optional IP whitelisting. I put the whitelisted IP addresses in app metadata and then use the following Action to check IP whitelisting.

exports.onExecuteCredentialsExchange = async (event, api) => {
    // The whitelist is optional: skip the check when this client has none configured.
    const whitelist = event.client.metadata.ip_whitelist
    if (whitelist && !whitelist.includes(event.request.ip)) {
      api.access.deny('invalid_request', "Access from your IP address is not allowed.");
    }
};

This works for individual IP addresses, i.e., if client put, in whitelisted IPs. However, I couldn’t figure out how to support CIDR ranges, i.e., allowing customer to put in as range.

Any help/suggestions are much appreciated.
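
One way to extend the check above to CIDR ranges, as an added example that is not part of the original post. It assumes `ip_whitelist` holds a comma-separated string (or an array) of IPv4 addresses and IPv4 CIDR blocks; the helper names `ipv4ToInt` and `matchesEntry` are hypothetical, and the sample addresses used with it are constructed.

```javascript
// Parse a dotted-quad IPv4 address into an unsigned 32-bit integer.
// Returns null for anything malformed (leading zeros, IPv6, out-of-range octets).
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True if ip equals a single-address entry or falls inside a CIDR entry.
// Malformed entries and non-IPv4 client addresses never match (fail closed).
function matchesEntry(ip, entry) {
  const [base, bits, extra] = String(entry).trim().split('/');
  const ipInt = ipv4ToInt(ip);
  const baseInt = ipv4ToInt(base);
  if (ipInt === null || baseInt === null || extra !== undefined) return false;
  if (bits === undefined) return ipInt === baseInt; // exact match, not substring
  if (!/^\d{1,2}$/.test(bits) || Number(bits) > 32) return false;
  const prefix = Number(bits);
  // /0 is handled explicitly: in JavaScript, x << 32 behaves like x << 0.
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return ((ipInt & mask) >>> 0) === ((baseInt & mask) >>> 0);
}

async function onExecuteCredentialsExchange(event, api) {
  const raw = event.client.metadata.ip_whitelist;
  if (!raw) return; // whitelisting is optional per API key
  // Assumption: metadata value is "a.b.c.d, e.f.g.h/24" or an array of such entries.
  const entries = Array.isArray(raw) ? raw : String(raw).split(',');
  if (!entries.some((e) => matchesEntry(event.request.ip, e))) {
    api.access.deny('invalid_request', 'Access from your IP address is not allowed.');
  }
}

// Register the handler when running inside the Action (CommonJS) runtime.
if (typeof exports !== 'undefined') {
  exports.onExecuteCredentialsExchange = onExecuteCredentialsExchange;
}
```

Comparing parsed addresses also avoids the substring matches that `includes` produces on a string value, where a shorter address can match inside a longer whitelisted one.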