diff --git a/example/hmr/.snyk b/example/hmr/.snyk
new file mode 100644
index 0000000..b4f3c9f
--- /dev/null
+++ b/example/hmr/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - browserify-hmr > lodash:
+        patched: '2020-04-30T22:31:25.659Z'
diff --git a/example/hmr/package.json b/example/hmr/package.json
index 1f2d6c7..74b039f 100644
--- a/example/hmr/package.json
+++ b/example/hmr/package.json
@@ -3,12 +3,16 @@
   "dependencies": {
     "browserify-hmr": "^0.3.6",
     "ecstatic": "^3.1.1",
-    "watchify": "^3.9.0"
+    "watchify": "^3.9.0",
+    "snyk": "^1.316.1"
   },
   "scripts": {
     "watch": "watchify -p browserify-hmr main.js -o public/bundle.js -dv",
     "build": "browserify main.js > public/bundle.js",
     "www": "ecstatic -p 8000 public",
-    "start": "npm run www & npm run watch"
-  }
+    "start": "npm run www & npm run watch",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
+  },
+  "snyk": true
 }