diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..99892d1
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - inquirer > lodash:
+        patched: '2023-01-23T05:57:07.570Z'
diff --git a/package-lock.json b/package-lock.json
index e8c8a5b..41e86d9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -127,6 +127,11 @@
       "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.14.0.tgz",
       "integrity": "sha512-9NET910DNaIPngYnLLPeg+Ogzqsi9uM4mSboU5y6p8S5DzMTVEsJZrawi+BoDNUVBa2DhJqQYUFvMDfgU062LQ=="
     },
+    "@snyk/protect": {
+      "version": "1.1088.0",
+      "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1088.0.tgz",
+      "integrity": "sha512-5l6A2LcqV5heAJnWZvEhJ4YuolqVpqbZJO/2lVX9Kp+430aeZB0O4uRnClCVo0fNZ/zhWMNhK8i4rPv8oZ6GRg=="
+    },
     "@szmarczak/http-timer": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-1.1.2.tgz",
diff --git a/package.json b/package.json
index 5e7c6ea..858dbd2 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,9 @@
     "create-react-library": "index.js"
   },
   "scripts": {
-    "test": "ava -v && standard *.js lib/*.js"
+    "test": "ava -v && standard *.js lib/*.js",
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "keywords": [
     "react",
@@ -44,7 +46,8 @@
     "p-each-series": "^2.1.0",
     "parse-git-config": "^3.0.0",
     "validate-npm-package-name": "^3.0.0",
-    "which": "^2.0.2"
+    "which": "^2.0.2",
+    "@snyk/protect": "latest"
   },
   "devDependencies": {
     "ava": "^3.5.2",
@@ -58,5 +61,6 @@
       "index.test.js",
       "lib/**/*.test.js"
     ]
-  }
+  },
+  "snyk": true
 }