diff --git a/packages/isomorphic-core/.snyk b/packages/isomorphic-core/.snyk
new file mode 100644
index 0000000000..ce96128ebe
--- /dev/null
+++ b/packages/isomorphic-core/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:hoek:20180212':
+    - imap-provider-settings > request > hawk > cryptiles > boom > hoek:
+        patched: '2022-06-22T07:44:51.951Z'
diff --git a/packages/isomorphic-core/package.json b/packages/isomorphic-core/package.json
index ac011d3284..a7962679de 100644
--- a/packages/isomorphic-core/package.json
+++ b/packages/isomorphic-core/package.json
@@ -4,7 +4,9 @@
   "description": "Packages use isomorphically on n1-cloud and client-sync",
   "main": "index.js",
   "scripts": {
-    "test": "babel-node spec/run.es6"
+    "test": "babel-node spec/run.es6",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "dependencies": {
     "atob": "2.0.3",
@@ -13,18 +15,20 @@
     "imap-provider-settings": "github:nylas/imap-provider-settings#e9913d1",
     "jasmine": "2.x.x",
     "joi": "8.4.2",
-    "libhoney": "1.0.0-beta.2",
+    "libhoney": "1.1.2",
     "nodemailer": "2.5.0",
     "promise-props": "1.0.0",
     "promise.prototype.finally": "1.0.1",
     "rx-lite": "4.0.8",
-    "sequelize": "3.28.0",
+    "sequelize": "5.22.5",
     "underscore": "1.8.3",
     "xoauth2": "1.2.0",
     "he": "1.1.0",
     "iconv": "2.2.1",
-    "mimelib": "0.2.19"
+    "mimelib": "0.2.19",
+    "@snyk/protect": "latest"
   },
   "author": "Nylas",
-  "license": "ISC"
+  "license": "ISC",
+  "snyk": true
 }