diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..0a15ce9
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,13 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.3
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:hoek:20180212':
+    - passport-jwt > jsonwebtoken > joi > hoek:
+        patched: '2019-03-29T21:38:27.050Z'
+    - passport-jwt > jsonwebtoken > joi > topo > hoek:
+        patched: '2019-03-29T21:38:27.050Z'
+  'npm:uglify-js:20151024':
+    - jade > transformers > uglify-js:
+        patched: '2019-03-29T21:38:27.050Z'
diff --git a/package.json b/package.json
index 0de981c..4ef7876 100644
--- a/package.json
+++ b/package.json
@@ -3,30 +3,33 @@
   "version": "0.0.0",
   "private": true,
   "scripts": {
-    "start": "node ./bin/www"
+    "start": "node ./bin/www",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "dependencies": {
     "babel-plugin-transform-async-to-module-method": "^6.22.0",
     "bcrypt": "^1.0.2",
     "bluebird": "^3.4.7",
-    "body-parser": "~1.15.2",
+    "body-parser": "~1.18.2",
     "chalk": "^1.1.3",
     "cookie-parser": "~1.4.3",
-    "debug": "~2.2.0",
-    "express": "~4.14.0",
+    "debug": "~2.6.9",
+    "express": "~4.16.0",
     "jade": "~1.11.0",
-    "jsonwebtoken": "^7.2.1",
+    "jsonwebtoken": "^8.0.0",
     "lodash": "^4.17.4",
     "moment": "^2.17.1",
     "mongoose": "^4.7.7",
-    "morgan": "~1.7.0",
+    "morgan": "~1.9.1",
     "nconf": "^0.8.4",
     "passport": "^0.3.2",
     "passport-jwt": "^2.2.1",
     "request": "^2.79.0",
     "request-promise": "^4.1.1",
-    "serve-favicon": "~2.3.0",
-    "uuid": "^3.0.1"
+    "serve-favicon": "~2.4.5",
+    "uuid": "^3.0.1",
+    "snyk": "^1.143.5"
   },
   "devDependencies": {
     "babel-cli": "^6.18.0",
@@ -35,5 +38,6 @@
     "babel-preset-stage-2": "^6.18.0",
     "babel-register": "^6.18.0",
     "karma": "^1.3.0"
-  }
+  },
+  "snyk": true
 }