diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..3405fe6
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.12.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:lodash:20180130':
+    - chokidar-cli > lodash:
+        patched: '2018-07-02T21:58:37.321Z'
diff --git a/package.json b/package.json
index 3b5e487..27c0f6a 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,9 @@
     "start:dev": "concurrently \"npm run start:back\" \"npm run start:front\"",
     "build-css": "tachyons src/css/app.css > src/index.css --minify",
     "watch-css": "chokidar src/css/app.css -c 'npm run build-css'",
-    "heroku-postbuild": "npm install && npm install --only=dev --no-shrinkwrap && npm run build"
+    "heroku-postbuild": "npm install && npm install --only=dev --no-shrinkwrap && npm run build",
+    "snyk-protect": "snyk protect",
+    "prepare": "npm run snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -57,12 +59,14 @@
     "tabletop": "^1.5.2",
     "tachyons": "^4.9.0",
     "tachyons-cli": "^1.2.0",
-    "unfetch": "^3.0.0"
+    "unfetch": "^3.0.0",
+    "snyk": "^1.88.0"
   },
   "devDependencies": {
     "concurrently": "^3.5.0",
     "nodemon": "^1.12.1",
     "env2": "^2.2.0"
   },
-  "proxy": "http://localhost:4000"
+  "proxy": "http://localhost:4000",
+  "snyk": true
 }