diff --git a/packages/isomorphic-core/.snyk b/packages/isomorphic-core/.snyk
new file mode 100644
index 0000000000..2dc7f063ac
--- /dev/null
+++ b/packages/isomorphic-core/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:hoek:20180212':
+    - imap-provider-settings > request > hawk > cryptiles > boom > hoek:
+        patched: '2024-09-16T18:46:51.314Z'
+        id: 'npm:hoek:20180212'
+        path: imap-provider-settings > request > hawk > cryptiles > boom > hoek
diff --git a/packages/isomorphic-core/package.json b/packages/isomorphic-core/package.json
index ac011d3284..d7efabd509 100644
--- a/packages/isomorphic-core/package.json
+++ b/packages/isomorphic-core/package.json
@@ -4,7 +4,9 @@
   "description": "Packages use isomorphically on n1-cloud and client-sync",
   "main": "index.js",
   "scripts": {
-    "test": "babel-node spec/run.es6"
+    "test": "babel-node spec/run.es6",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "dependencies": {
     "atob": "2.0.3",
@@ -14,7 +16,7 @@
     "jasmine": "2.x.x",
     "joi": "8.4.2",
     "libhoney": "1.0.0-beta.2",
-    "nodemailer": "2.5.0",
+    "nodemailer": "4.0.1",
     "promise-props": "1.0.0",
     "promise.prototype.finally": "1.0.1",
     "rx-lite": "4.0.8",
@@ -23,8 +25,10 @@
     "xoauth2": "1.2.0",
     "he": "1.1.0",
     "iconv": "2.2.1",
-    "mimelib": "0.2.19"
+    "mimelib": "0.2.19",
+    "@snyk/protect": "latest"
   },
   "author": "Nylas",
-  "license": "ISC"
+  "license": "ISC",
+  "snyk": true
 }