diff --git a/test/fixtures/qs-package/node_modules/cryptiles/.snyk b/test/fixtures/qs-package/node_modules/cryptiles/.snyk
new file mode 100644
index 0000000000..0ddd334089
--- /dev/null
+++ b/test/fixtures/qs-package/node_modules/cryptiles/.snyk
@@ -0,0 +1,11 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:lodash:20180130':
+    - lab > eslint-plugin-hapi > no-shadow-relaxed > eslint > inquirer > lodash:
+        patched: '2023-04-26T19:09:51.646Z'
+  'npm:minimatch:20160620':
+    - lab > eslint-plugin-hapi > no-shadow-relaxed > eslint > minimatch:
+        patched: '2023-04-26T19:09:51.646Z'
diff --git a/test/fixtures/qs-package/node_modules/cryptiles/package.json b/test/fixtures/qs-package/node_modules/cryptiles/package.json
index a2409ffb18..d630795072 100644
--- a/test/fixtures/qs-package/node_modules/cryptiles/package.json
+++ b/test/fixtures/qs-package/node_modules/cryptiles/package.json
@@ -47,12 +47,13 @@
     "url": "https://github.com/hapijs/cryptiles/issues"
   },
   "dependencies": {
-    "boom": "2.x.x"
+    "boom": "2.x.x",
+    "@snyk/protect": "latest"
   },
   "description": "General purpose crypto utilities",
   "devDependencies": {
-    "code": "1.x.x",
-    "lab": "5.x.x"
+    "code": "2.2.1",
+    "lab": "14.3.4"
   },
   "directories": {},
   "dist": {
@@ -90,7 +91,10 @@
   },
   "scripts": {
     "test": "lab -a code -t 100 -L",
-    "test-cov-html": "lab -a code -r html -o coverage.html"
+    "test-cov-html": "lab -a code -r html -o coverage.html",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
-  "version": "2.0.5"
+  "version": "2.0.5",
+  "snyk": true
 }