diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..f4c0eb6
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - contentstack-express > lodash:
+        patched: '2022-05-17T20:38:50.364Z'
diff --git a/package.json b/package.json
index 069cc56..31ef305 100644
--- a/package.json
+++ b/package.json
@@ -1,10 +1,14 @@
 {
-    "name": "corporate-theme",
-    "version": "0.0.1",
-    "dependencies": {
-        "contentstack-express": "^3.0.0"
-    },
-    "scripts": {
-        "start": "node app.js"
-    }
+  "name": "corporate-theme",
+  "version": "0.0.1",
+  "dependencies": {
+    "contentstack-express": "^3.0.0",
+    "@snyk/protect": "latest"
+  },
+  "scripts": {
+    "start": "node app.js",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
+  },
+  "snyk": true
 }