diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..09a09cf
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,12 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.7.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:ms:20170412':
+ - socket.io > socket.io-adapter > socket.io-parser > debug > ms:
+ patched: '2017-05-25T08:41:03.370Z'
+ - socket.io > socket.io-adapter > debug > ms:
+ patched: '2017-05-25T08:41:03.370Z'
+ - socket.io > socket.io-client > debug > ms:
+ patched: '2017-05-25T08:41:03.370Z'
diff --git a/package.json b/package.json
index cd925f6..ce57f11 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,9 @@
 "client": "node ./client/app.js",
 "build": "export NODE_ENV=production; staticr ./master/public ./master/static-routes/browserify.js ./master/static-routes/less.js",
 "test": "node_modules/.bin/mocha --recursive test",
- "cover": "istanbul cover node_modules/.bin/_mocha -- -u exports -R spec --recursive test"
+ "cover": "istanbul cover node_modules/.bin/_mocha -- -u exports -R spec --recursive test",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "dependencies": {
 "array.prototype.find": "^1.0.0",
@@ -23,7 +25,7 @@
 "config": "^1.14.0",
 "cookie-parser": "~1.3.5",
 "cron": "^1.0.9",
- "debug": "~2.2.0",
+ "debug": "~2.6.7",
 "deep-equal": "^1.0.0",
 "express": "^4.12.4",
 "hbs": "^3.1.0",
@@ -36,9 +38,10 @@
 "rpi-gpio": "^0.5.2",
 "serve-favicon": "^2.2.1",
 "sinon": "^1.15.4",
- "socket.io": "^1.3.5",
+ "socket.io": "^2.0.0",
 "touch": "0.0.3",
- "winston": "^1.0.1"
+ "winston": "^1.0.1",
+ "snyk": "^1.30.1"
 },
 "devDependencies": {
 "autoprefixer-core": "^5.2.1",
@@ -67,5 +70,6 @@
 "socket.io-client": "^1.3.5",
 "staticr": "^3.1.1",
 "uglify-js": "^2.4.23"
- }
+ },
+ "snyk": true
 }
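Review bot: The `prepublish` script added in package.json's `@@ -12,7 +12,9 @@` hunk is the only place `snyk protect` runs, so the `npm:ms:20170412` patch listed in `.snyk` reaches `node_modules` only on install paths that trigger that lifecycle hook. npm runs `prepublish` on `npm publish` and on an argument-less local `npm install`, and npm 4 and later deprecate the install-time behaviour in favour of `prepare`. An install done with `--ignore-scripts`, or a deployment that copies a prebuilt `node_modules`, would leave `ms` unpatched without any error. Consider `"prepare": "npm run snyk-protect"` where the npm version in use supports it, and add a CI step running `snyk test` so an unpatched tree is detected rather than assumed. The `scripts` object opens above this hunk.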
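Review bot: In the `@@ -36,9 +38,10 @@` hunk `socket.io` moves from `^1.3.5` to `^2.0.0`, a major-version bump, while the context of the last hunk (`@@ -67,5 +70,6 @@`) still shows `"socket.io-client": "^1.3.5"` in `devDependencies`. If the browser bundle or the `client` script is built from that devDependency, a 1.x client would be talking to a 2.x server, and the two major lines are not guaranteed to be wire-compatible. Bump the client in the same commit, `"socket.io-client": "^2.0.0"`, or record why the versions may differ. The standalone 1.x client presumably also brings its own `debug > ms` subtree, which the `.snyk` patch paths (all rooted at `socket.io`) do not cover, so confirm with `snyk test --dev` that the advisory is closed on that path too.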