Skip to content
Latchkey

Renovate "Dependency lookup failure" in CI

Renovate queries a datasource to find versions for each dependency. A "Dependency lookup failure" means that query failed: the datasource is wrong, the package lives on a private feed with no credentials, or the registry was unreachable.

What this error means

A Renovate PR or log shows "Failed to look up dependency <name>" or a "Dependency lookup failure" warning, and that package is skipped or shown with no available versions.

Renovate
WARN: Failed to look up npm package @vendor/sdk
  Dependency lookup failure
  statusCode: 404

Common causes

A private package with no registry access

Renovate looks the package up on the public registry and gets 404 because it is hosted on a private feed it has no hostRules for.

A wrong or missing datasource/registryUrls

The package uses a custom datasource or registry that is not configured, so Renovate queries the wrong endpoint.

How to fix it

Point Renovate at the right registry with credentials

  1. Add registryUrls (or a packageRule) for the private feed.
  2. Add a matching hostRules entry with the token.
  3. Re-run so the lookup queries the correct authenticated endpoint.
renovate.json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "packageRules": [
    {
      "matchPackagePrefixes": ["@vendor/"],
      "registryUrls": ["https://pkgs.internal.example.com/npm/"]
    }
  ]
}

Retry transient registry errors

A one-off network failure or registry timeout can cause a lookup failure. Re-run Renovate before treating it as misconfiguration.

How to prevent it

  • Configure registryUrls and hostRules for private packages.
  • Set the correct datasource for custom package sources.
  • Re-run transient lookup failures before changing config.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →