diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..0f9ffbb
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,22 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-450202:
+    - travis-deploy-once > @babel/core > lodash:
+        patched: '2019-07-03T23:22:15.364Z'
+    - travis-deploy-once > @babel/core > @babel/types > lodash:
+        patched: '2019-07-03T23:22:15.364Z'
+    - travis-deploy-once > @babel/preset-env > @babel/plugin-proposal-unicode-property-regex > @babel/helper-regex > lodash:
+        patched: '2019-07-03T23:22:15.364Z'
+    - travis-deploy-once > @babel/preset-env > @babel/plugin-transform-parameters > @babel/helper-get-function-arity > @babel/types > lodash:
+        patched: '2019-07-03T23:22:15.364Z'
+    - travis-deploy-once > @babel/core > @babel/helpers > @babel/traverse > @babel/generator > @babel/types > lodash:
+        patched: '2019-07-03T23:22:15.364Z'
+    - travis-deploy-once > @babel/preset-env > @babel/plugin-proposal-async-generator-functions > @babel/helper-remap-async-to-generator > @babel/helper-wrap-function > @babel/helper-function-name > @babel/types > lodash:
+        patched: '2019-07-03T23:22:15.364Z'
+    - travis-deploy-once > @babel/preset-env > @babel/plugin-transform-async-to-generator > @babel/helper-remap-async-to-generator > @babel/helper-wrap-function > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash:
+        patched: '2019-07-03T23:22:15.364Z'
+    - travis-deploy-once > @babel/preset-env > @babel/plugin-proposal-async-generator-functions > @babel/helper-remap-async-to-generator > @babel/helper-wrap-function > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash:
+        patched: '2019-07-03T23:22:15.364Z'
diff --git a/package.json b/package.json
index 3e53315..f6b9a2d 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,9 @@
     "docs:coverage": "compodoc -p ./tsconfig.docs.json --disableLifeCycleHooks --disableInternal --coverageMinimumPerFile 100",
     "docs:build.prod": "yarn docs:coverage && compodoc -p ./tsconfig.docs.json --disableLifeCycleHooks --disableInternal --disablePrivate --disableProtected --name NgActionOutlet --output docs",
     "docs:build.serve": "compodoc -p ./tsconfig.docs.json --disableLifeCycleHooks --disableInternal -s -w",
-    "lint:md": "remark ."
+    "lint:md": "remark .",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "private": true,
   "dependencies": {
@@ -30,7 +32,8 @@
     "hammerjs": "^2.0.8",
     "rxjs": "^6.4.0",
     "travis-deploy-once": "^5.0.9",
-    "zone.js": "~0.9.1"
+    "zone.js": "~0.9.1",
+    "snyk": "^1.189.0"
   },
   "devDependencies": {
     "@angular-devkit/build-angular": "~0.800.0",
@@ -90,5 +93,6 @@
   "engines": {
     "node": ">= 8.12.0",
     "yarn": ">= 1.10.1"
-  }
+  },
+  "snyk": true
 }
\ No newline at end of file