diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..d1f0d08
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..34b23da
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/build/
+/node_modules/
diff --git a/README.md b/README.md
index 5926938..db7f312 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,15 @@
-# Simple React Calculator 
\ No newline at end of file
+# Simple React Calculator 
+
+## Automated dependency updates
+
+This asks GitHub to run
+["dependabot"](https://docs.github.com/en/code-security/dependabot)
+periodically over the repo code base.
+Dependabot is a key tool to ensure that your code dependencies are up to date,
+especially for security concerns.
+
+Dependabot will file PRs for your project when it finds updates, and suggest
+how to update your package files.
+
+See [`.github/dependabot.yml`] to configure.
+Presently it is set to check daily.