diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb
index dbe2c2711e9..83066aaa26c 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb
@@ -303,7 +303,7 @@ def url_for_relevant_cred(resolved_url)
 else
 URI("https://#{details['registry']}")
 end
- resolved_url_host == uri.host
+ resolved_url_host == uri.host && resolved_url.include?(details["registry"])
 end
 return unless credential_matching_url
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb
index d905fd567b4..0bc8ec6f9d4 100644
--- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb
+++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb
@@ -251,6 +251,31 @@
 }]
 )
 end
+
+ context "with a credential that matches the hostname, but not the path" do
+ let(:credentials) do
+ [{
+ "type" => "npm_registry",
+ "registry" => "npm.pkg.github.com/dependabot",
+ "username" => "x-access-token",
+ "password" => "token"
+ }]
+ end
+
+ its(:requirements) do
+ is_expected.to eq(
+ [{
+ requirement: "^2.0.1",
+ file: "package.json",
+ groups: ["devDependencies"],
+ source: {
+ type: "registry",
+ url: "https://npm.pkg.github.com"
+ }
+ }]
+ )
+ end
+ end
 end
 describe "the scoped gitlab dependency" do
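Review bot: The added `resolved_url.include?(details["registry"])` on the `+` line is a plain substring test, so a credential registered for `npm.pkg.github.com/dependabot` still matches a resolved URL whose path is `/dependabot-other/...`, or one that merely carries that string later in the URL, and the token would be attached to a registry scope it was not issued for. Since this predicate selects which credential is sent, the path part should be compared against the resolved URL's path on a segment boundary, e.g. `resolved_path = URI(resolved_url).path` and then `resolved_url_host == uri.host && (uri.path.empty? || resolved_path == uri.path || resolved_path.start_with?("#{uri.path.chomp('/')}/"))`. I am assuming `resolved_url` is a String here, which the call to `include?` implies; if it can also arrive as a URI object the parse step would need a guard. Minor style point: `details["registry"]` mixes double quotes with the `details['registry']` used on the line just above. `url_for_relevant_cred` begins before this hunk and continues after it, so the `if` branch that produces `uri` for registries given with a scheme is not visible here.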
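Review bot: The new context pins only the negative case (host matches, path does not), so this spec would still pass if the parser's path check accepted any substring of the URL; a companion context with the same credential resolving a package under `https://npm.pkg.github.com/dependabot/...` (expecting the credential to be used) and one under `https://npm.pkg.github.com/dependabot-other/...` (expecting it not to be) would pin that the match is a path prefix rather than a substring. The expected `source.url` of `"https://npm.pkg.github.com"` presumably reflects what the parser emits when no credential is selected, but that is not stated; a short comment above `its(:requirements)` such as `# host matches but path does not, so no credential applies and the bare registry URL is kept` would make the intent readable without the implementation. The enclosing describe block starts before this hunk.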