diff --git a/examples/exchange-files-in-browser/.snyk b/examples/exchange-files-in-browser/.snyk
new file mode 100644
index 00000000..97fa5f83
--- /dev/null
+++ b/examples/exchange-files-in-browser/.snyk
@@ -0,0 +1,12 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:lodash:20180130':
+    - ipfs > ipld > ipld-zcash > zcash-bitcore-lib > lodash:
+        patched: '2020-04-03T06:19:59.983Z'
+    - ipfs > ipfs-unixfs-engine > ipld > ipld-zcash > zcash-bitcore-lib > lodash:
+        patched: '2020-04-03T06:19:59.983Z'
+    - ipfs > ipfs-mfs > ipfs-unixfs-engine > ipld > ipld-zcash > zcash-bitcore-lib > lodash:
+        patched: '2020-04-03T06:19:59.983Z'
diff --git a/examples/exchange-files-in-browser/package.json b/examples/exchange-files-in-browser/package.json
index 7c87dbda..8d8a0ea3 100644
--- a/examples/exchange-files-in-browser/package.json
+++ b/examples/exchange-files-in-browser/package.json
@@ -4,7 +4,9 @@
   "scripts": {
     "bundle": "browserify public/app.js > public/bundle.js",
     "start": "http-server -c-1 -p 12345 public",
-    "dev": "npm run bundle && npm run start"
+    "dev": "npm run bundle && npm run start",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "license": "MIT",
   "devDependencies": {
@@ -13,6 +15,8 @@
   },
   "dependencies": {
     "ipfs": "0.30.0",
-    "stream-buffers": "^3.0.1"
-  }
+    "stream-buffers": "^3.0.1",
+    "snyk": "^1.305.0"
+  },
+  "snyk": true
 }