diff --git a/lib/api/npm.js b/lib/api/npm.js
index 7f30df51855a006dfa7290cd971d6761d281421e..876399a3ae32d04540e321af8d7fd3aa5906d0ca 100644
--- a/lib/api/npm.js
+++ b/lib/api/npm.js
@@ -1,12 +1,27 @@
+// Most of this borrowed from https://github.com/sindresorhus/package-json/blob/master/index.js
+
 const got = require('got');
+const url = require('url');
+const registryUrl = require('registry-url');
+const registryAuthToken = require('registry-auth-token');
 
 module.exports = {
   getDependency,
 };
 
-function getDependency(depName) {
-  // supports scoped packages, e.g. @user/package
-  return got(`https://registry.npmjs.org/${depName.replace('/', '%2F')}`, {
+function getDependency(name) {
+  const scope = name.split('/')[0];
+  const regUrl = registryUrl(scope);
+  const pkgUrl = url.resolve(regUrl, encodeURIComponent(name).replace(/^%40/, '@'));
+  const authInfo = registryAuthToken(regUrl);
+  const headers = {};
+
+  if (authInfo) {
+    headers.authorization = `${authInfo.type} ${authInfo.token}`;
+  }
+
+  return got(pkgUrl, {
     json: true,
+    headers,
   }).then(res => res.body);
 }
diff --git a/package.json b/package.json
index 2d0c29fb7385796e1eade475bef1b134bf78f530..f86d6e82c2930a165c30a397a0ff64f160d6603b 100644
--- a/package.json
+++ b/package.json
@@ -43,6 +43,8 @@
     "handlebars": "4.0.6",
     "json-stringify-pretty-compact": "1.0.2",
     "lodash": "4.17.4",
+    "registry-auth-token": "3.1.0",
+    "registry-url": "3.1.0",
     "semver": "5.3.0",
     "semver-stable": "2.0.4",
     "winston": "2.3.1"