diff --git a/node_modules/npm-registry-fetch/auth.js b/node_modules/npm-registry-fetch/auth.js
index fafea54f32961..80aed9cac7e6c 100644
--- a/node_modules/npm-registry-fetch/auth.js
+++ b/node_modules/npm-registry-fetch/auth.js
@@ -27,6 +27,21 @@ const hasAuth = (regKey, opts) => (
   opts[`${regKey}:username`] && opts[`${regKey}:_password`]
 )
 
+const sameHost = (a, b) => {
+  const parsedA = new URL(a)
+  const parsedB = new URL(b)
+  return parsedA.host === parsedB.host
+}
+
+const getRegistry = opts => {
+  const { spec } = opts
+  const { scope: specScope, subSpec } = spec ? npa(spec) : {}
+  const subSpecScope = subSpec && subSpec.scope
+  const scope = subSpec ? subSpecScope : specScope
+  const scopeReg = scope && opts[`${scope}:registry`]
+  return scopeReg || opts.registry
+}
+
 const getAuth = (uri, opts = {}) => {
   const { forceAuth } = opts
   if (!uri)
@@ -44,19 +59,19 @@ const getAuth = (uri, opts = {}) => {
     })
   }
 
-  // no auth for this URI
-  if (!regKey && opts.spec) {
-    // If making a tarball request to a different base URI than the
-    // registry where we logged in, but the same auth SHOULD be sent
-    // to that artifact host, then we track where it was coming in from,
-    // and warn the user if we get a 4xx error on it.
-    const { spec } = opts
-    const { scope: specScope, subSpec } = npa(spec)
-    const subSpecScope = subSpec && subSpec.scope
-    const scope = subSpec ? subSpecScope : specScope
-    const scopeReg = scope && opts[`${scope}:registry`]
-    const scopeAuthKey = scopeReg && regKeyFromURI(scopeReg, opts)
-    return new Auth({ scopeAuthKey })
+  // no auth for this URI, but might have it for the registry
+  if (!regKey) {
+    const registry = getRegistry(opts)
+    if (registry && uri !== registry && sameHost(uri, registry))
+      return getAuth(registry, opts)
+    else if (registry !== opts.registry) {
+      // If making a tarball request to a different base URI than the
+      // registry where we logged in, but the same auth SHOULD be sent
+      // to that artifact host, then we track where it was coming in from,
+      // and warn the user if we get a 4xx error on it.
+      const scopeAuthKey = regKeyFromURI(registry, opts)
+      return new Auth({ scopeAuthKey })
+    }
   }
 
   const {
diff --git a/node_modules/npm-registry-fetch/package.json b/node_modules/npm-registry-fetch/package.json
index dab9cbb0c9897..8afda92595fbe 100644
--- a/node_modules/npm-registry-fetch/package.json
+++ b/node_modules/npm-registry-fetch/package.json
@@ -1,6 +1,6 @@
 {
   "name": "npm-registry-fetch",
-  "version": "10.1.0",
+  "version": "10.1.1",
   "description": "Fetch-based http client for use with npm registry APIs",
   "main": "index.js",
   "files": [
@@ -50,7 +50,7 @@
     "require-inject": "^1.4.4",
     "rimraf": "^2.6.2",
     "ssri": "^8.0.0",
-    "tap": "^14.10.7"
+    "tap": "^15.0.4"
   },
   "tap": {
     "check-coverage": true,
diff --git a/package-lock.json b/package-lock.json
index 3bf4c736e4b10..9f9b6b68e06cd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -124,7 +124,7 @@
         "npm-package-arg": "^8.1.2",
         "npm-pick-manifest": "^6.1.1",
         "npm-profile": "^5.0.3",
-        "npm-registry-fetch": "^10.1.0",
+        "npm-registry-fetch": "^10.1.1",
         "npm-user-validate": "^1.0.1",
         "npmlog": "~4.1.2",
         "opener": "^1.5.2",
@@ -5466,9 +5466,9 @@
       }
     },
     "node_modules/npm-registry-fetch": {
-      "version": "10.1.0",
-      "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-10.1.0.tgz",
-      "integrity": "sha512-XcKu0h6OuRTB7HO5uv8htavPQJ1dYTLAXLE5AMs4GFQ1LbY+LlHiNoqIbVshE3rk0vLk+nKxpA/4WJm1kE7eqg==",
+      "version": "10.1.1",
+      "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-10.1.1.tgz",
+      "integrity": "sha512-F6a3l+ffCQ7hvvN16YG5bpm1rPZntCg66PLHDQ1apWJPOCUVHoKnL2w5fqEaTVhp42dmossTyXeR7hTGirfXrg==",
       "inBundle": true,
       "dependencies": {
         "lru-cache": "^6.0.0",
@@ -14324,9 +14324,9 @@
       }
     },
     "npm-registry-fetch": {
-      "version": "10.1.0",
-      "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-10.1.0.tgz",
-      "integrity": "sha512-XcKu0h6OuRTB7HO5uv8htavPQJ1dYTLAXLE5AMs4GFQ1LbY+LlHiNoqIbVshE3rk0vLk+nKxpA/4WJm1kE7eqg==",
+      "version": "10.1.1",
+      "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-10.1.1.tgz",
+      "integrity": "sha512-F6a3l+ffCQ7hvvN16YG5bpm1rPZntCg66PLHDQ1apWJPOCUVHoKnL2w5fqEaTVhp42dmossTyXeR7hTGirfXrg==",
       "requires": {
         "lru-cache": "^6.0.0",
         "make-fetch-happen": "^8.0.9",
diff --git a/package.json b/package.json
index 7ee440d911a95..0a924a8503cbe 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,7 @@
     "npm-package-arg": "^8.1.2",
     "npm-pick-manifest": "^6.1.1",
     "npm-profile": "^5.0.3",
-    "npm-registry-fetch": "^10.1.0",
+    "npm-registry-fetch": "^10.1.1",
     "npm-user-validate": "^1.0.1",
     "npmlog": "~4.1.2",
     "opener": "^1.5.2",