Renovate "Dependency lookup failure" in CI
Renovate queries a datasource to find versions for each dependency. A "Dependency lookup failure" means that query failed: the datasource is wrong, the package lives on a private feed with no credentials, or the registry was unreachable.
What this error means
A Renovate PR or log shows "Failed to look up dependency <name>" or a "Dependency lookup failure" warning, and that package is skipped or shown with no available versions.
WARN: Failed to look up npm package @vendor/sdk
Dependency lookup failure
statusCode: 404Common causes
A private package with no registry access
Renovate looks the package up on the public registry and gets 404 because it is hosted on a private feed it has no hostRules for.
A wrong or missing datasource/registryUrls
The package uses a custom datasource or registry that is not configured, so Renovate queries the wrong endpoint.
How to fix it
Point Renovate at the right registry with credentials
- Add
registryUrls(or a packageRule) for the private feed. - Add a matching
hostRulesentry with the token. - Re-run so the lookup queries the correct authenticated endpoint.
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"packageRules": [
{
"matchPackagePrefixes": ["@vendor/"],
"registryUrls": ["https://pkgs.internal.example.com/npm/"]
}
]
}Retry transient registry errors
A one-off network failure or registry timeout can cause a lookup failure. Re-run Renovate before treating it as misconfiguration.
How to prevent it
- Configure registryUrls and hostRules for private packages.
- Set the correct datasource for custom package sources.
- Re-run transient lookup failures before changing config.