diff --git a/src/cli/commands/policies.js b/src/cli/commands/policies.js
index 62b8617f30..f130577e28 100644
--- a/src/cli/commands/policies.js
+++ b/src/cli/commands/policies.js
@@ -122,9 +122,16 @@ const {run, setFlags, examples} = buildSubCommands('policies', {
       bundleUrl = 'https://github.com/yarnpkg/berry/raw/master/packages/berry-cli/bin/berry.js';
       bundleVersion = 'berry';
     } else {
-      const releases = await fetchReleases(config, {
-        includePrereleases: allowRc,
-      });
+      let releases = [];
+
+      try {
+        releases = await fetchReleases(config, {
+          includePrereleases: allowRc,
+        });
+      } catch (e) {
+        reporter.error(e.message);
+        return;
+      }
 
       const release = releases.find(release => {
         // $FlowFixMe
diff --git a/src/reporters/lang/en.js b/src/reporters/lang/en.js
index 5175666d90..e376e969b3 100644
--- a/src/reporters/lang/en.js
+++ b/src/reporters/lang/en.js
@@ -358,6 +358,7 @@ const messages = {
   errorExtractingTarball: 'Extracting tar content of $1 failed, the file appears to be corrupt: $0',
   updateInstalling: 'Installing $0...',
   hostedGitResolveError: 'Error connecting to repository. Please, check the url.',
+  unauthorizedResponse: 'Received a 401 from $0. $1',
 
   unknownFetcherFor: 'Unknown fetcher for $0',
 
diff --git a/src/util/request-manager.js b/src/util/request-manager.js
index 8756139f14..fd41bf2100 100644
--- a/src/util/request-manager.js
+++ b/src/util/request-manager.js
@@ -373,6 +373,11 @@ export default class RequestManager {
       rejectNext(err);
     };
 
+    const rejectWithoutUrl = function(err) {
+      err.message = err.message;
+      rejectNext(err);
+    };
+
     const queueForRetry = reason => {
       const attempts = params.retryAttempts || 0;
       if (attempts >= this.maxRetryAttempts - 1) {
@@ -428,6 +433,11 @@ export default class RequestManager {
           }
         }
 
+        if (res.statusCode === 401 && res.caseless && res.caseless.get('server') === 'GitHub.com') {
+          const message = `${res.body.message}. If using GITHUB_TOKEN in your env, check that it is valid.`;
+          rejectWithoutUrl(new Error(this.reporter.lang('unauthorizedResponse', res.caseless.get('server'), message)));
+        }
+
         if (res.statusCode === 401 && res.headers['www-authenticate']) {
           const authMethods = res.headers['www-authenticate'].split(/,\s*/).map(s => s.toLowerCase());