diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..d418e9e3
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: npm
+    directory: '/'
+    commit-message:
+      prefix: 'deps: '
+    schedule:
+      interval: weekly
+    # Disable version updates. We only want security.
+    open-pull-requests-limit: 0
+    labels:
+      - dependencies