diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..c794e5d6d
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,14 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - request-promise > request-promise-core > lodash:
+ patched: '2020-04-30T23:47:38.368Z'
+ - '@babel/plugin-transform-runtime > @babel/helper-module-imports > @babel/types > lodash':
+ patched: '2020-04-30T23:47:38.368Z'
+ - preact-loading-skeleton > @babel/plugin-transform-runtime > @babel/helper-module-imports > @babel/types > lodash:
+ patched: '2020-04-30T23:47:38.368Z'
+ - preact-loading-skeleton > emotion > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash:
+ patched: '2020-04-30T23:47:38.368Z'
diff --git a/package.json b/package.json
index 8d4af158e..6c49ee050 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,9 @@
 "lint:staged": "lint-staged",
 "clean": "shx rm -rf serve/",
 "scaffold": "npm run clean && shx mkdir -p serve/js && shx mkdir -p serve/stylesheets",
- "browsersync": "wait-on -l ./serve/index.html && browser-sync --port 4000 start -s serve -f serve --extensions html"
+ "browsersync": "wait-on -l ./serve/index.html && browser-sync --port 4000 start -s serve -f serve --extensions html",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "repository": {
 "type": "git",
@@ -98,7 +100,9 @@
 "preact-loading-skeleton": "^1.2.2",
 "request-promise": "^4.2.2",
 "vex-dialog": "^1.0.6",
- "vex-js": "^3.0.0"
+ "vex-js": "^3.0.0",
+ "snyk": "^1.316.1"
 },
- "proxy": "http://localhost:9000"
+ "proxy": "http://localhost:9000",
+ "snyk": true
 }
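Review bot: The `"prepublish": "npm run snyk-protect"` entry in the `@@ -13,7 +13,9 @@` hunk is a fragile place to apply the lodash patches listed in `.snyk`. npm documents `prepublish` as deprecated in favour of `prepare`, and no lifecycle script runs when dependencies are installed with `--ignore-scripts`, so a build can end up with the unpatched lodash copies without any error. Prefer `"prepare": "npm run snyk-protect"` and add a CI step that verifies the patch was actually applied after install. The `scripts` object opens outside this hunk, so an existing `prepare` or `prepublish` entry cannot be ruled out from here.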
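Review bot: In the `@@ -98,7 +100,9 @@` hunk, `"snyk": "^1.316.1"` is added alongside runtime packages such as `request-promise`, so the Snyk CLI and its own dependency tree would be installed wherever this package's production dependencies are, and the caret range accepts any later 1.x release unattended. The block's opening line is outside the hunk, so it is presumably `dependencies` but that should be confirmed. Consider an exact pin backed by the lockfile, e.g. `"snyk": "1.316.1"`. The patch entries in `.snyk` are tied to four specific dependency paths, so a lodash copy reached by any other path stays unpatched; upgrading the parents that pull in lodash would let the runtime patching be removed.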