diff --git a/src/plugins/npm/verify.js b/src/plugins/npm/verify.js
index 333b1ca..dc67970 100644
--- a/src/plugins/npm/verify.js
+++ b/src/plugins/npm/verify.js
@@ -15,7 +15,9 @@ export default () => {
         logger.log("Verifying access to NPM...");
         try {
             await fs.appendFile("./.npmrc", `\n//registry.npmjs.org/:_authToken=${NPM_TOKEN}`);
-            await execa("npm", ["whoami"]);
+            // We need to unset the `npm_` env variables to make sure local `.npmrc` is being read.
+            // This is required when running scripts with yarn: https://github.com/yarnpkg/yarn/issues/4475
+            execa.shellSync("unset $(env | awk -F= '$1 ~ /^npm_/ {print $1}') && npm whoami");
             next();
         } catch (err) {
             throw new Error("EINVALIDNPMTOKEN: " + err.message);
diff --git a/tests/npmVerify.test.js b/tests/npmVerify.test.js
index 580be7e..ed291b7 100644
--- a/tests/npmVerify.test.js
+++ b/tests/npmVerify.test.js
@@ -51,12 +51,14 @@ describe("npmVerify plugin test", function() {
         process.env["NPM_TOKEN"] = "npm-token";
 
         proxyquire(modulePath, {
-            execa: async () => {
-                const npmrc = await fs.readFile("./.npmrc");
-                if (npmrc.includes("//registry.npmjs.org/:_authToken=npm-token")) {
-                    return true;
+            execa: {
+                shellSync: async () => {
+                    const npmrc = await fs.readFile("./.npmrc");
+                    if (npmrc.includes("//registry.npmjs.org/:_authToken=npm-token")) {
+                        return true;
+                    }
+                    throw new Error("Command failed: npm whoami");
                 }
-                throw new Error("Command failed: npm whoami");
             }
         });