diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..51b3814
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - json-server > lodash:
+        patched: '2022-03-26T05:31:38.361Z'
+    - json-server > lowdb > lodash:
+        patched: '2022-03-26T05:31:38.361Z'
diff --git a/package-lock.json b/package-lock.json
index 6ba9c1d..852d500 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,6 +9,11 @@
       "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.14.0.tgz",
       "integrity": "sha512-9NET910DNaIPngYnLLPeg+Ogzqsi9uM4mSboU5y6p8S5DzMTVEsJZrawi+BoDNUVBa2DhJqQYUFvMDfgU062LQ=="
     },
+    "@snyk/protect": {
+      "version": "1.883.0",
+      "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz",
+      "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw=="
+    },
     "@szmarczak/http-timer": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-1.1.2.tgz",
diff --git a/package.json b/package.json
index b1ccb43..fa8331c 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,9 @@
   "main": "index.js",
   "scripts": {
     "dev": "nodemon ./index.js",
-    "secondary": "cross-env PORT=3001 nodemon ./index.js"
+    "secondary": "cross-env PORT=3001 nodemon ./index.js",
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -20,9 +22,11 @@
   "dependencies": {
     "cross-env": "^7.0.2",
     "express": "^4.17.1",
-    "json-server": "^0.15.1"
+    "json-server": "^0.15.1",
+    "@snyk/protect": "latest"
   },
   "devDependencies": {
     "nodemon": "^2.0.2"
-  }
+  },
+  "snyk": true
 }
\ No newline at end of file