diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..99fc75e9a
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,30 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.21.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:hoek:20180212':
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > hoek:
+        patched: '2021-08-04T20:27:48.774Z'
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > boom > hoek:
+        patched: '2021-08-04T20:27:48.774Z'
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > sntp > hoek:
+        patched: '2021-08-04T20:27:48.774Z'
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > cryptiles > boom > hoek:
+        patched: '2021-08-04T20:27:48.774Z'
+  'npm:mime:20170907':
+    - grunt-contrib-connect > connect > send > mime:
+        patched: '2021-08-04T20:27:48.774Z'
+    - grunt-saucelabs > sauce-tunnel > request > mime:
+        patched: '2021-08-04T20:27:48.774Z'
+    - grunt-saucelabs > sauce-tunnel > request > form-data > mime:
+        patched: '2021-08-04T20:27:48.774Z'
+  'npm:request:20160119':
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request:
+        patched: '2021-08-04T20:27:48.774Z'
+  'npm:tough-cookie:20170905':
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > tough-cookie:
+        patched: '2021-08-04T20:27:48.774Z'
+  'npm:tunnel-agent:20170305':
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > tunnel-agent:
+        patched: '2021-08-04T20:27:48.774Z'
diff --git a/package.json b/package.json
index db65f5586..f0e49b7b7 100644
--- a/package.json
+++ b/package.json
@@ -26,25 +26,30 @@
   "bugs": {
     "url": "https://github.com/eightmedia/hammer.js/issues"
   },
-  "dependencies": {},
+  "dependencies": {
+    "@snyk/protect": "latest"
+  },
   "devDependencies": {
-    "grunt": "0.4.x",
-    "grunt-contrib-connect": "0.5.x",
+    "grunt": "1.3.0",
+    "grunt-contrib-connect": "0.9.0",
     "grunt-contrib-concat": "0.3.x",
-    "grunt-contrib-uglify": "0.2.x",
-    "grunt-contrib-jshint": "0.7.x",
-    "grunt-contrib-watch": "0.5.x",
+    "grunt-contrib-uglify": "0.4.0",
+    "grunt-contrib-jshint": "0.11.1",
+    "grunt-contrib-watch": "1.0.0",
     "grunt-tagrelease": "0.1.x",
     "faketouches": "git://github.com/jtangelder/faketouches.js.git",
-    "underscore": "1.5.x",
-    "grunt-saucelabs": "4.1.x",
-    "grunt-contrib-qunit": "~0.3.0"
+    "underscore": "1.12.1",
+    "grunt-saucelabs": "8.5.0",
+    "grunt-contrib-qunit": "~1.0.0"
   },
   "main": "hammer.js",
   "engines": {
     "node": ">=0.8.0"
   },
   "scripts": {
-    "test": "grunt test"
-  }
+    "test": "grunt test",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
+  },
+  "snyk": true
 }