diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..01ac1df
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,12 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.12.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:lodash:20180130':
+ - keystone > asyncdi > lodash:
+ patched: '2018-07-03T02:38:26.195Z'
+ - keystone > cloudinary > lodash:
+ patched: '2018-07-03T02:38:26.195Z'
+ - keystone > grappling-hook > lodash:
+ patched: '2018-07-03T02:38:26.195Z'
diff --git a/package.json b/package.json
index 7667334..fe6799a 100644
--- a/package.json
+++ b/package.json
@@ -12,11 +12,11 @@
 "watch_tachyons": "postcss --watch --config ./postcss.config.js",
 "build_tachyons": "postcss --config ./postcss.config.js",
 "pre-deploy": "npm run test.e2e",
- "deploy-staging":
- "npm run pre-deploy && git checkout -B staging && git push origin staging -f",
- "deploy-production":
- "npm run pre-deploy && git checkout -B production && git push origin production -f",
- "postinstall": "npm run build_tachyons"
+ "deploy-staging": "npm run pre-deploy && git checkout -B staging && git push origin staging -f",
+ "deploy-production": "npm run pre-deploy && git checkout -B production && git push origin production -f",
+ "postinstall": "npm run build_tachyons",
+ "snyk-protect": "snyk protect",
+ "prepare": "npm run snyk-protect"
 },
 "repository": {
 "type": "git",
@@ -48,7 +48,8 @@
 "postcss-import": "^9.1.0",
 "pug": "^2.0.0-rc.1",
 "tachyons-custom": "^4.5.4",
- "underscore": "^1.8.3"
+ "underscore": "^1.8.3",
+ "snyk": "^1.88.0"
 },
 "devDependencies": {
 "eslint": "^3.19.0",
@@ -56,5 +57,6 @@
 "nodemon": "^1.11.0",
 "selenium-download": "^2.0.10",
 "tape": "^4.7.0"
- }
+ },
+ "snyk": true
 }
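Review bot: The `patch:` block in `.snyk` records that `npm:lodash:20180130` is patched on three keystone paths, but nothing states when those entries can be removed, so the install-time patch is likely to outlive its need. A comment above the entry, for example `# temporary: remove once keystone's dependencies resolve to a lodash release that fixes npm:lodash:20180130`, would record the exit condition; if Snyk tooling rewrites this file and drops comments, the same line belongs in the README. Only the three listed paths are covered, so it is worth confirming against the installed tree that no other copy of the affected lodash is reachable.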
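Review bot: In the `scripts` hunk of package.json the lodash patch is applied only as a side effect of the `prepare` hook, and nothing verifies that it ran. An install with `--ignore-scripts`, or a deploy path that reuses an existing `node_modules`, would leave the unpatched lodash in place without any signal. Running the step explicitly ahead of the end-to-end tests, `"pre-deploy": "npm run snyk-protect && npm run test.e2e"`, would make the deploy scripts test and ship the patched tree, assuming `snyk protect` exits non-zero when a patch cannot be applied. The `scripts` object opens above this hunk, so other entries that affect install order are not visible here.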
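Review bot: `"snyk": "^1.88.0"` in the `dependencies` hunk puts a CLI that runs during install and rewrites files under `node_modules` on a floating range, so a fresh install can pull any later 1.x release unless a lockfile is committed (none is visible in this diff). Pinning it as `"snyk": "1.88.0"` keeps the tool that applies security patches from changing without review. It presumably has to stay in `dependencies` rather than `devDependencies` for the `prepare` hook to find it on production installs, which means its transitive tree ships to production; that trade-off deserves a sentence in the project docs. The entry is also appended after `underscore`, out of the alphabetical order the neighbouring keys follow.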