Are we so sure that unpkg.com do indeed collect IP addresses? And if yes, what are they doing with it? Is it full IP addresses, or just a part of them?
Either you’re compliant or not, it’s as simple as that.
Literally, no. At least in France this is not how GDPR compliance is assessed by CNIL (based on their documentation). In particular, they will consider your processes regarding your GDPR compliance and the amount of data you are actually collecting compared to your business need. If you are a small business, they may also provide you assistance to improve your compliance. For what I understand, GDPR compliance is even less stringent if you are an individual.
So saying “I’m not sure if Ghost is actually “fully” compliant, but it collects a very minimal amount of data. Also, I’m an individual, not a business” will definitely shield you from having to pay a hefty fine. At least in France – but I wouldn’t be surprised if it’s the same in the rest of the EU.
Once again, GDPR compliance is a fluid process. It has conditions, it’s a continuum, it can mean a lot of different things. Thinking about it as a yes/no question is in my opinion deeply misleading.