diff --git a/config/pinned-packages.js b/config/pinned-packages.js
new file mode 100644
index 0000000..ac808ad
--- /dev/null
+++ b/config/pinned-packages.js
@@ -0,0 +1,34 @@
+// pinned-packages.js
+// Copyright (C) 2022 DTP Technologies, LLC
+// License: Apache 2.0
+
+/*
+ * The update-deps.js script automates updating dependencies, and will honor
+ * version specifications found here, if any.
+ * 
+ * This enables the developer to "pin" a package at a version specification that
+ * is guaranteed to work with the application.
+ */
+
+'use strict';
+
+module.exports = {
+  /*
+   * FontAwesome is being held back because they've lost their damn mind if they
+   * think I'm changing every CSS class. I'll stay on 5.15.4 forever.
+   */
+  "@fortawesome/fontawesome-free": {
+    version: "5.15.4",
+    exact: true,
+  },
+
+  /*
+   * node-fetch is being held at latest 2.x because I can't convert everything
+   * to a module quite yet (required for 3+). And, it's not that critical of a
+   * tool in this application stack.
+   */
+  "node-fetch": {
+    version: "2",
+    exact: false,
+  },
+};
\ No newline at end of file
diff --git a/update-deps b/update-deps
deleted file mode 100755
index 36914bd..0000000
--- a/update-deps
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/bash
-
-yarn \
-  add @fortawesome/fontawesome-free \
-  anchorme \
-  argv \
-  bull \
-  chart.js \
-  compression \
-  connect-redis \
-  cookie-parser \
-  cron \
-  cropperjs \
-  diskusage-ng \
-  disposable-email-provider-domains \
-  dotenv \
-  ein-validator \
-  email-domain-check \
-  email-validator \
-  execa \
-  express \
-  express-limiter \
-  express-session \
-  feed \
-  geoip-lite \
-  glob \
-  highlight.js \
-  html-filter \
-  ioredis \
-  jsdom \
-  libphonenumber-js \
-  mailgun-js \
-  marked \
-  method-override \
-  minio \
-  moment \
-  mongoose \
-  morgan \
-  multer \
-  node-fetch@2 \
-  numeral \
-  otplib \
-  passport \
-  passport-local \
-  pug \
-  qrcode \
-  rate-limiter-flexible \
-  rotating-file-stream \
-  serve-favicon \
-  sharp \
-  slug \
-  socket.io \
-  socket.io-emitter \
-  @socket.io/redis-adapter \
-  striptags \
-  systeminformation \
-  tinymce \
-  uikit \
-  uniqid \
-  uuid \
-  zxcvbn
-
-yarn add -D \
-  browser-sync \
-  gulp \
-  gulp-concat \
-  gulp-jshint \
-  gulp-less \
-  gulp-nodemon \
-  gulp-plumber \
-  gulp-rename \
-  gulp-uglify-es \
-  terser-webpack-plugin \
-  webpack \
-  webpack-stream \
-  workbox-webpack-plugin
diff --git a/update-deps.js b/update-deps.js
new file mode 100644
index 0000000..b7e4e4f
--- /dev/null
+++ b/update-deps.js
@@ -0,0 +1,78 @@
+// update-deps.js
+// Copyright (C) 2022 DTP Technologies, LLC
+// License: Apache 2.0
+
+'use strict';
+
+const DTP_COMPONENT_NAME = 'webapp';
+
+require('dotenv').config();
+
+const path = require('path');
+
+const { spawn } = require('child_process');
+
+const { SiteAsync, SiteLog } = require(path.join(__dirname, 'lib', 'site-lib'));
+
+module.rootPath = __dirname;
+module.pkg = require(path.join(module.rootPath, 'package.json'));
+module.pinnedPackages = require(path.join(module.rootPath, 'config', 'pinned-packages'));
+module.log = new SiteLog(module, DTP_COMPONENT_NAME);
+
+module.runCommand = async (command, args) => {
+  return new Promise((resolve, reject) => {
+    module.log.info(command, { args });
+    const cmd = spawn(command, args);
+    cmd.stdout.on('data', (data) => {
+      const output = data.toString('utf8');
+      module.log.info(output);
+    });
+    cmd.stderr.on('data', (data) => {
+      const output = data.toString('utf8');
+      module.log.error(output);
+    });
+    cmd.on('error', (err) => {
+      reject(err);
+    });
+    cmd.on('close', (code) => {
+      resolve(code);
+    });
+  });
+};
+
+module.generateDepKeys = (dependencies) => {
+  const depKeys = Object.keys(dependencies).map((packageName) => {
+    const pin = module.pinnedPackages[packageName];
+    if (!pin) {
+      return packageName;
+    }
+    if (pin.exact) {
+      return `${packageName}@${pin.version} --exact`;
+    }
+    return `${packageName}@${pin.version}`;
+  });
+  return depKeys;
+};
+
+(async ( ) => {
+
+  try {
+    module.log.info('updating dependencies');
+    const depKeys = module.generateDepKeys(module.pkg.dependencies);
+    await module.runCommand('yarn', ['add', ...depKeys]);
+  } catch (error) {
+    module.error('failed to update dependencies', { error });
+    process.exit(-1);
+  }
+
+  try {
+    module.log.info('updating dev dependencies');
+    const depKeys = module.generateDepKeys(module.pkg.devDependencies);
+    await module.runCommand('yarn', ['add', '--dev', ...depKeys]);
+  } catch (error) {
+    module.error('failed to update dev dependencies', { error });
+    process.exit(-1);
+  }
+
+  module.log.info('dependencies updated successfully. Good luck with that!');
+})();
\ No newline at end of file