diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000000..10ae829a419
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - jsdom > request-promise-native > request-promise-core > lodash:
+        patched: '2020-05-01T05:45:26.983Z'
diff --git a/package.json b/package.json
index b1d5b5cdd6d..cda3a8ebfd7 100644
--- a/package.json
+++ b/package.json
@@ -18,9 +18,10 @@
     "name": "Neil Fraser"
   },
   "scripts": {
-    "prepare": "gulp blockly_javascript_en",
+    "prepare": "npm run snyk-protect && gulp blockly_javascript_en",
     "lint": "eslint .",
-    "test": "tests/run_all_tests.sh"
+    "test": "tests/run_all_tests.sh",
+    "snyk-protect": "snyk protect"
   },
   "license": "Apache-2.0",
   "private": true,
@@ -51,6 +52,8 @@
     "unused": true
   },
   "dependencies": {
-    "jsdom": "^13.0.0"
-  }
+    "jsdom": "^13.0.0",
+    "snyk": "^1.316.1"
+  },
+  "snyk": true
 }