Wrong auth for scoped packages in private registries

[donaldpipowitch]

Do you want to request a bug?
bug

What is the current behavior?
If the current behavior is a bug, please provide the steps to reproduce.

When a custom registry for scoped packages is used the authentification for the default registry is used. E.g. in my project I have a .npmrc like this:

strict-ssl=false
@some-scope:registry=https://npm-registry.our-company.lan/repository/npm-registry/

In my ~/.npmrc I'm authenticated with the public npm registry:

//registry.npmjs.org/:_authToken=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Now I call $ yarn to install deps and get error Couldn't find package "@some-scope/some-package" on the "npm" registry.. (This is actually a 401 error, not 404! See #2152 for this incorrect error message.)

What is the expected behavior?

Don't use the _authToken for registry.npmjs.org when I use the private registry for @some-scope so @some-scope/some-package can be installed correctly.

Please mention your node.js, yarn and operating system version.

$ node -v
v6.9.1

$ yarn -V
0.18.0

macOS 10.12.1

[kyeotic]

I'm working around this right now with an alias that moves the ~/.npmrc file to a backup, installs from yarn, then restores the ~/.npmrc file.

[danez]

This is fixed by #3231 in 0.26.0