diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000000..c415a035bf
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,14 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.19.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:debug:20170905':
+    - socket.io-client > engine.io-client > debug:
+        patched: '2020-08-09T02:00:32.981Z'
+  'npm:ms:20151024':
+    - socket.io-client > engine.io-client > debug > ms:
+        patched: '2020-08-09T02:00:32.981Z'
+  'npm:ws:20160920':
+    - socket.io-client > engine.io-client > ws:
+        patched: '2020-08-09T02:00:32.981Z'
diff --git a/package.json b/package.json
index 8486cb5d03..56027cc5f8 100644
--- a/package.json
+++ b/package.json
@@ -18,7 +18,9 @@
     "url": "git://github.com/Automattic/socket.io"
   },
   "scripts": {
-    "test": "mocha --reporter dot --slow 200ms --bail"
+    "test": "mocha --reporter dot --slow 200ms --bail",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "dependencies": {
     "engine.io": "automattic/engine.io#ab2bd0",
@@ -26,7 +28,8 @@
     "socket.io-client": "automattic/socket.io-client#ba31817",
     "socket.io-adapter": "automattic/socket.io-adapter#de5cba",
     "has-binary": "0.1.6",
-    "debug": "2.1.3"
+    "debug": "2.1.3",
+    "snyk": "^1.370.1"
   },
   "devDependencies": {
     "mocha": "1.16.2",
@@ -52,5 +55,6 @@
       "name": "Einar Otto Stangvik",
       "email": "einaros@gmail.com"
     }
-  ]
+  ],
+  "snyk": true
 }