Snyk will add itself either to your project's dependencies or it's devDependencies, depending on how you use Snyk.
snyk wizard to patch your project with Snyk’s CLI, you are prompted with:
? Add `snyk test` to package.json file to fail test on newly disclosed vulnerabilities?
This will require authentication via `snyk auth` when running tests. (y/N)
If you select y (yes), snyk will be added as a devDependency.
However, if you choose to protect upon installation of your package, Snyk will need to be bundled as a production dependency.