The name might be infringement or the code might abuse their API. Or, GitHub could decide it's not worth it. Why would you try to scan every IP address?
A valid use case for wanting to know the “real” IP of a site hiding behind CloudFlare is being able to access the website from a Tor IP address (which they categorically block). For users in a country with censored internet, such a service would be essential.
Everytime I check this statement with Cloudflare-enabled sites... it was either always accessible (a nagging screen might be shown momentarily, but that's it), or the block is usually due to that site being a bank or something else that will block Tor users regardless of their firewall solutions. I've just tested it again just in case something has changed, but that statement holds up every time.
Can you please give a non-banking site that a) uses Cloudflare and b) blocks Tor?
Cloudflare doesn't automatically block Tor exit nodes, they just tend to earn a bad reputation. As a site owner you can decide what to do with that, the basic protection level issues CAPTCHA challenges.
Cloudflare also has it's own onion service, sites can opt in, and Cloudflare's public DNS is also available over it, sidestepping the need to go over exit nodes after the first request.
With Cloudflare's tunnels, there's no longer even a need to allow direct connections from the outside world.
In my own testing it wasn't too terrible to setup firewall rules and mutual TLS-based authentication of origin pulls, but it is certainly something where you have to do everything right to be as secure as you think you are. Versus just closing off inbound connections entirely and running cloudflared