diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
new file mode 100644
index 0000000..e6c0ae9
--- /dev/null
+++ b/.forgejo/workflows/deploy.yml
@@ -0,0 +1,60 @@
+on:
+ push:
+ branches:
+ - master
+
+
+jobs:
+ deploy:
+ runs-on: arch
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ - name: Deply if new version
+ run: |
+ echo ""
+ echo "Checking following projects:"
+ for f in *; do
+ [ -d "$f" ] && [ ! -L "$f" ] && [ ! "$f" = "base" ] && echo " * $f";
+ done
+ echo ""
+
+ echo "//registry.npmjs.org/:_authToken=${{ secrets.npmtoken }}" > ~/.npmrc
+
+ for f in *; do
+ [ ! -d "$f" ] || [ -L "$f" ] || [ "$f" = "base" ] && continue;
+
+ echo ""
+ echo "------------------------------------"
+ echo ""
+ echo "checking $f";
+ cd $f
+
+ CURR_VER="$(cat package.json | jq -r .name)_v$(cat package.json | jq -r .version)"
+ CURR_NAME="$(cat package.json | jq -r .name) v$(cat package.json | jq -r .version)"
+
+ echo "Checking https://git.nfp.is/api/v1/repos/${{ github.repository }}/releases for name ${CURR_NAME}"
+
+ if curl -s -X GET -H "Authorization: token ${{ secrets.deploytoken }}" https://git.nfp.is/api/v1/repos/${{ github.repository }}/releases | grep -o "\"name\":\"${CURR_NAME}\"" > /dev/null; then
+ echo "Skipping ${{ github.job }} since $CURR_NAME already exists";
+ cd ..
+ continue;
+ fi
+
+ echo "New release ${CURR_VER} found, beginning publishing"
+
+ cp ../LICENSE ./
+ cp ../README.md ./
+
+ echo "Creating ${CURR_VER} release on forgejo"
+ curl \
+ -X POST \
+ -H "Authorization: token ${{ secrets.deploytoken }}" \
+ -H "Content-Type: application/json" \
+ https://git.nfp.is/api/v1/repos/${{ github.repository }}/releases \
+ -d "{\"tag_name\":\"${CURR_VER}\",\"name\":\"${CURR_NAME}\",\"body\":\"Automatic release from CI from ${{ github.sha }} :\n\n${{ github.event.head_commit.message }}\"}" | jq
+
+ echo "Publishing new version to npm"
+ npm publish
+ cd ..
+ done
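Review bot: `${{ github.event.head_commit.message }}` is expanded into the `run:` script text before the shell starts, inside the double-quoted `-d` argument of the release `curl` call, so a commit message containing `"`, `$(...)` or backticks is interpreted as shell on a runner that holds `secrets.npmtoken` and `secrets.deploytoken`. The same string concatenation also produces invalid JSON whenever the message contains a quote or a newline. Passing the message through a step-level `env:` entry and letting `jq` build the payload keeps it as data in both places; the sketch below shows only the changed lines.

```yaml
      - name: Deply if new version
        env:
          COMMIT_SHA: ${{ github.sha }}
          COMMIT_MSG: ${{ github.event.head_commit.message }}
        run: |
          # … unchanged: project listing, ~/.npmrc setup, per-project version check …
          body="$(printf 'Automatic release from CI from %s :\n\n%s' "$COMMIT_SHA" "$COMMIT_MSG")"
          jq -n --arg tag "$CURR_VER" --arg name "$CURR_NAME" --arg body "$body" \
            '{tag_name: $tag, name: $name, body: $body}' |
            curl \
              -X POST \
              -H "Authorization: token ${{ secrets.deploytoken }}" \
              -H "Content-Type: application/json" \
              "https://git.nfp.is/api/v1/repos/${{ github.repository }}/releases" \
              -d @- | jq
          # … unchanged: npm publish, cd .. …
```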
diff --git a/README.md b/README.md
index fd0bd36..afa4fe5 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,6 @@
-# lodash-no-cve
+# lodash.template/lodash.pick

-Individual methods from lodash exposed except now with fixed audit
\ No newline at end of file
+Both of npm's `lodash.template` and `lodash.pick` have CVE that makes audit angry.
+Unfortunately neither have been updated.
+
+This package provides either of `lodash.template` or `lodash.pick` with the latest version of lodash to fix audit errors.
diff --git a/pick/.npmrc b/pick/.npmrc
new file mode 100644
index 0000000..9cf9495
--- /dev/null
+++ b/pick/.npmrc
@@ -0,0 +1 @@
+package-lock=false
\ No newline at end of file
diff --git a/pick/index.d.ts b/pick/index.d.ts
new file mode 100644
index 0000000..e914dfa
--- /dev/null
+++ b/pick/index.d.ts
@@ -0,0 +1,3 @@
+import _ from 'lodash'
+
+export default _.pick
diff --git a/pick/index.js b/pick/index.js
new file mode 100644
index 0000000..30f4267
--- /dev/null
+++ b/pick/index.js
@@ -0,0 +1,3 @@
+const _ = require('lodash')
+
+module.exports = _.pick
diff --git a/pick/package.json b/pick/package.json
new file mode 100644
index 0000000..9081771
--- /dev/null
+++ b/pick/package.json
@@ -0,0 +1,28 @@
+{
+ "name": "lodash.pick.nocve",
+ "version": "4.17.21",
+ "description": "The lodash method _.pick exported as node.js module but without cve",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "repository": {
+ "type": "git",
+ "url": "https://git.nfp.is/TheThing/lodash-no-cve.git"
+ },
+ "keywords": [
+ "lodash",
+ "lodash.pick"
+ ],
+ "author": "Jonatan Nilsson",
+ "license": "WTFPL",
+ "files": [
+ "index.js",
+ "index.d.ts",
+ "README.md",
+ "LICENSE"
+ ],
+ "dependencies": {
+ "lodash": "4.17.21"
+ }
+}
diff --git a/template/.npmrc b/template/.npmrc
new file mode 100644
index 0000000..9cf9495
--- /dev/null
+++ b/template/.npmrc
@@ -0,0 +1 @@
+package-lock=false
\ No newline at end of file
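Review bot: pick/index.d.ts declares `export default _.pick`, but pick/index.js assigns `module.exports = _.pick`, so the types describe a `default` property that the runtime module does not have. A TypeScript consumer compiling without `esModuleInterop` would get `undefined` from `import pick from 'lodash.pick.nocve'`; an `export =` declaration, for example `export = _.pick`, matches the CommonJS export. The declaration also imports types from `lodash`, which does not ship its own, and `@types/lodash` is not listed in pick/package.json, so consumers would presumably have to install it themselves. template/index.d.ts has the same two issues.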
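Review bot: The exact pin `"lodash": "4.17.21"` under `dependencies` in pick/package.json ties the "without cve" claim in the description to that single release. If an advisory is later filed against that version, every consumer's audit flags this package again until a new version is published by hand. A caret range, `"lodash": "^4.17.21"`, would let installs resolve to patched 4.x releases without a republish. template/package.json carries the same pin.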
diff --git a/template/index.d.ts b/template/index.d.ts
new file mode 100644
index 0000000..b29d716
--- /dev/null
+++ b/template/index.d.ts
@@ -0,0 +1,3 @@
+import _ from 'lodash'
+
+export default _.template
diff --git a/template/index.js b/template/index.js
new file mode 100644
index 0000000..f185c15
--- /dev/null
+++ b/template/index.js
@@ -0,0 +1,3 @@
+const _ = require('lodash')
+
+module.exports = _.template
diff --git a/template/package.json b/template/package.json
new file mode 100644
index 0000000..7d2f2f8
--- /dev/null
+++ b/template/package.json
@@ -0,0 +1,28 @@
+{
+ "name": "lodash.template.nocve",
+ "version": "4.17.21",
+ "description": "The lodash method _.template exported as node.js module but without cve",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "repository": {
+ "type": "git",
+ "url": "https://git.nfp.is/TheThing/lodash-no-cve.git"
+ },
+ "keywords": [
+ "lodash",
+ "lodash.template"
+ ],
+ "author": "Jonatan Nilsson",
+ "license": "WTFPL",
+ "files": [
+ "index.js",
+ "index.d.ts",
+ "README.md",
+ "LICENSE"
+ ],
+ "dependencies": {
+ "lodash": "4.17.21"
+ }
+}