diff --git a/src/deep-framework/.snyk b/src/deep-framework/.snyk
new file mode 100644
index 00000000..2556ec03
--- /dev/null
+++ b/src/deep-framework/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.19.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:lodash:20180130':
+    - deep-cache > ioredis > lodash:
+        patched: '2020-12-31T08:47:34.309Z'
diff --git a/src/deep-framework/package.json b/src/deep-framework/package.json
index bfb4bb28..7eebef19 100644
--- a/src/deep-framework/package.json
+++ b/src/deep-framework/package.json
@@ -68,10 +68,11 @@
   "scripts": {
     "compile-travis": "bash ../../bin/compile-lib.sh .",
     "compile": "bash node-bin/compile.sh",
-    "prepublish": "npm run compile && npm run browser-build",
+    "prepublish": "npm run snyk-protect && npm run compile && npm run browser-build",
     "browser-build": "bash node-bin/browser_build.sh",
     "prepare-production": "bash hooks/prepare_production.sh",
-    "final-prepare-production": "bash hooks/final_prepare_production.sh"
+    "final-prepare-production": "bash hooks/final_prepare_production.sh",
+    "snyk-protect": "snyk protect"
   },
   "dependencies": {
     "aws-sdk": "^2.70.0",
@@ -98,7 +99,8 @@
     "store": "^2.0.4",
     "uglify-js": "github:mishoo/UglifyJS2#harmony-v2.8.22",
     "uglifyjs-webpack-plugin": "^0.4.3",
-    "webpack": "^2.6.1"
+    "webpack": "^2.6.1",
+    "snyk": "^1.437.3"
   },
   "devDependencies": {},
   "engines": {
@@ -109,5 +111,6 @@
   "analyze": true,
   "jspm": {
     "main": "browser/framework.js"
-  }
+  },
+  "snyk": true
 }