diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..8f9d643
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - inquirer > lodash:
+ patched: '2022-03-25T18:16:26.758Z'
diff --git a/package-lock.json b/package-lock.json
index a90e940..fa6a6a1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2761,6 +2761,11 @@
 "@sinonjs/commons": "^1.7.0"
 }
 },
+ "@snyk/protect": {
+ "version": "1.883.0",
+ "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz",
+ "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw=="
+ },
 "@tootallnate/once": {
 "version": "1.1.2",
 "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-1.1.2.tgz",
diff --git a/package.json b/package.json
index 97807c2..6e4d5c2 100644
--- a/package.json
+++ b/package.json
@@ -22,7 +22,9 @@
 "test": "npx jest --coverage --passWithNoTests",
 "prepublishOnly": "npm run compile:prod",
 "semantic-commit": "npx commit",
- "semantic-release": "npx semantic-release"
+ "semantic-release": "npx semantic-release",
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "license": "MIT",
 "repository": {
@@ -51,7 +53,8 @@
 "inquirer": "^7.3.2",
 "keytar": "^6.0.1",
 "luxon": "^1.24.1",
- "wakatime-client": "^2.6.0"
+ "wakatime-client": "^2.6.0",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "@babel/cli": "^7.10.1",
@@ -77,5 +80,6 @@
 "jest": "^26.0.1",
 "semantic-release": "^17.0.8",
 "utf-8-validate": "^5.0.2"
- }
+ },
+ "snyk": true
 }
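Review bot: The new `.snyk` policy records an install-time patch for SNYK-JS-LODASH-567746 on the path `inquirer > lodash`, but nothing in the file says when the entry can be removed or why a patch was chosen over a dependency upgrade. An in-place patch to `node_modules` is a stopgap, and it presumably stops applying without notice once the resolved lodash version changes. I would add a comment above the entry such as `# TODO: remove once inquirer resolves a lodash release that fixes SNYK-JS-LODASH-567746` and track the upgrade separately.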
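Review bot: In the `package.json` scripts hunk (`@@ -22,7 +22,9 @@`), wiring `snyk-protect` into `prepare` only patches the `node_modules` tree of whoever runs a local `npm install` or packs and publishes. npm does not run `prepare` when the package is installed from a registry tarball, so users of the published package still resolve inquirer's lodash unpatched. If the aim is to protect users rather than contributors and CI, the fix has to be a dependency change that gets lodash onto a fixed release. package.json cannot carry comments, so the limited scope of `"prepare": "npm run snyk-protect"` should be stated in the README or the commit message. The scripts object starts outside this hunk.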
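Review bot: In the `package.json` dependencies hunk (`@@ -51,7 +53,8 @@`), `"@snyk/protect": "latest"` is a floating dist-tag on a tool that runs from a lifecycle script and rewrites files under `node_modules`. package-lock.json pins 1.883.0 with an integrity hash for this checkout, but the lockfile is not published with the package, so anyone installing the released package resolves whatever `latest` points to at that time. Pin the manifest to the version already in the lockfile, `"@snyk/protect": "1.883.0"`, and let the update bot raise it through review. Because the scripts hunk calls it only from `prepare`, it likely belongs in `devDependencies` rather than `dependencies`, which would also stop consumers from downloading it at all.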