diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..1a64dd1
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:uglify-js:20151024':
+ - jade > transformers > uglify-js:
+ patched: '2022-10-04T18:47:17.374Z'
+ - jade > constantinople > uglify-js:
+ patched: '2022-10-04T18:47:17.374Z'
diff --git a/package.json b/package.json
index e48783a..f0a4592 100644
--- a/package.json
+++ b/package.json
@@ -3,17 +3,21 @@
 "version": "0.0.0",
 "private": true,
 "scripts": {
- "start": "node ./bin/www"
+ "start": "node ./bin/www",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "dependencies": {
- "express": "~4.9.0",
- "body-parser": "~1.8.1",
+ "express": "~4.16.0",
+ "body-parser": "~1.17.1",
 "cookie-parser": "~1.3.3",
- "morgan": "~1.3.0",
- "serve-favicon": "~2.1.3",
- "debug": "~2.0.0",
- "jade": "~1.6.0",
+ "morgan": "~1.9.1",
+ "serve-favicon": "~2.4.5",
+ "debug": "~2.6.9",
+ "jade": "~1.8.0",
 "mongodb": "*",
- "mongoose": "*"
- }
+ "mongoose": "*",
+ "@snyk/protect": "latest"
+ },
+ "snyk": true
 }
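Review bot: The two `patch:` entries for `npm:uglify-js:20151024` have no effect on their own, and the policy file does not say what applies them. They only reach `node_modules` when the `snyk-protect` script from package.json runs after install. I would add a comment above `patch:` such as `# applied by the snyk-protect script in package.json; an install run with --ignore-scripts leaves uglify-js unpatched`, so a hardened CI install is not mistaken for a patched one. The entries are keyed to the paths `jade > transformers > uglify-js` and `jade > constantinople > uglify-js`, so it is worth confirming they still resolve after the jade bump to `~1.8.0` in the same commit.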
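Review bot: `"@snyk/protect": "latest"` is an unpinned dependency whose binary runs from a lifecycle script and modifies files under `node_modules`, so any future release of it would execute on install without review. Pin it to a reviewed range, e.g. `"@snyk/protect": "^<REVIEWED_VERSION>"` (placeholder), and commit a lockfile so installs are reproducible. The hook name also needs a look: `prepublish` is deprecated in npm, and because the package is `"private": true` it is never published; I believe `"prepare": "npm run snyk-protect"` is the currently documented hook for running the patch step on local install. The unchanged `"mongodb": "*"` and `"mongoose": "*"` lines have the same unpinned-version problem and could be tightened in the same pass.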