diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000000..44cf2516e2d0
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,12 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-450202:
+    - lodash:
+        patched: '2019-07-04T22:32:16.750Z'
+    - inquirer > lodash:
+        patched: '2019-07-04T22:32:16.750Z'
+    - table > lodash:
+        patched: '2019-07-04T22:32:16.750Z'
diff --git a/package.json b/package.json
index 3cf1f263fbda..b7ecd5facc91 100644
--- a/package.json
+++ b/package.json
@@ -20,7 +20,9 @@
     "perf": "node Makefile.js perf",
     "profile": "beefy tests/bench/bench.js --open -- -t brfs -t ./tests/bench/xform-rules.js -r espree",
     "coveralls": "cat ./coverage/lcov.info | coveralls",
-    "check-commit": "node Makefile.js checkGitCommit"
+    "check-commit": "node Makefile.js checkGitCommit",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "files": [
     "LICENSE",
@@ -67,7 +69,8 @@
     "strip-json-comments": "~2.0.1",
     "table": "^3.7.8",
     "text-table": "~0.2.0",
-    "user-home": "^2.0.0"
+    "user-home": "^2.0.0",
+    "snyk": "^1.192.0"
   },
   "devDependencies": {
     "babel-polyfill": "^6.9.1",
@@ -118,5 +121,6 @@
   "license": "MIT",
   "engines": {
     "node": ">=4"
-  }
+  },
+  "snyk": true
 }