diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..aad5577
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.12.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:tunnel-agent:20170305':
+    - phantomjs > request > tunnel-agent:
+        patched: '2018-10-23T23:26:03.565Z'
diff --git a/package.json b/package.json
index 9ab05b3..c9efefa 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,9 @@
     "test": "./node_modules/karma/bin/karma start",
     "posttest": "jshint Imager.js",
     "test:watch": "npm run test -- --auto-watch --no-single-run",
-    "build": "uglifyjs ./Imager.js -c -m -o ./Imager.min.js --source-map ./Imager.map.js && mv -f Imager.{map,min}.js ./dist"
+    "build": "uglifyjs ./Imager.js -c -m -o ./Imager.min.js --source-map ./Imager.map.js && mv -f Imager.{map,min}.js ./dist",
+    "snyk-protect": "snyk protect",
+    "prepare": "npm run snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -36,9 +38,13 @@
     "karma-mocha": "^0.2.0",
     "karma-phantomjs-launcher": "^0.2.0",
     "karma-sinon": "^1.0.3",
-    "mocha": "^2.0.0",
+    "mocha": "^3.0.0",
     "phantomjs": "^1.9.19",
     "sinon": "^1.8.1",
     "uglify-js": "^2.4.3"
+  },
+  "snyk": true,
+  "dependencies": {
+    "snyk": "^1.104.2"
   }
 }