diff --git a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esutils/.snyk b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esutils/.snyk
new file mode 100644
index 0000000000000..4cfe8b839eed7
--- /dev/null
+++ b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esutils/.snyk
@@ -0,0 +1,14 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:minimatch:20160620':
+    - jshint > cli > glob > minimatch:
+        patched: '2024-10-22T15:19:14.901Z'
+        id: 'npm:minimatch:20160620'
+        path: jshint > cli > glob > minimatch
+    - mocha > glob > minimatch:
+        patched: '2024-10-22T15:19:14.901Z'
+        id: 'npm:minimatch:20160620'
+        path: mocha > glob > minimatch
diff --git a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esutils/package.json b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esutils/package.json
index ddce20bff3dd8..e18f162305df2 100644
--- a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esutils/package.json
+++ b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esutils/package.json
@@ -29,8 +29,8 @@
   "devDependencies": {
     "chai": "~1.7.2",
     "coffee-script": "~1.6.3",
-    "jshint": "2.6.3",
-    "mocha": "~2.2.1",
+    "jshint": "2.13.4",
+    "mocha": "~10.1.0",
     "regenerate": "~1.2.1",
     "unicode-7.0.0": "^0.1.5"
   },
@@ -44,6 +44,12 @@
     "test": "npm run-script lint && npm run-script unit-test",
     "lint": "jshint lib/*.js",
     "unit-test": "mocha --compilers coffee:coffee-script -R spec",
-    "generate-regex": "node tools/generate-identifier-regex.js"
+    "generate-regex": "node tools/generate-identifier-regex.js",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
+  },
+  "snyk": true,
+  "dependencies": {
+    "@snyk/protect": "latest"
   }
 }