diff --git a/.github/workflows/nodejs.condo.ci.yml b/.github/workflows/nodejs.condo.ci.yml
index 45951392880..08b2eb0d711 100644
--- a/.github/workflows/nodejs.condo.ci.yml
+++ b/.github/workflows/nodejs.condo.ci.yml
@@ -23,6 +23,7 @@ env:
   DOCKER_IMAGE: condo/condo-image:${{ github.event.pull_request.head.sha || github.sha }}
   DOCKER_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:${{ github.event.pull_request.head.sha || github.sha }}
   CONDO_TEST_SHARD_TOTAL: 20
+  NPM_REGISTRY_SERVER: ${{ secrets.NPM_REGISTRY_SERVER }}
   PG_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/doma/utils/postgres:16.8
   REDIS_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/doma/utils/redis:6.2
   REF: ${{ github.event.pull_request.head.sha || github.ref }}
@@ -93,10 +94,13 @@ jobs:
           tags: ${{ env.DOCKER_IMAGE_FULL }}
           build-args: |
             REGISTRY=${{ secrets.DOCKER_REGISTRY }}/doma/utils
+            NPM_REGISTRY_SERVER=${{ env.NPM_REGISTRY_SERVER }}
             TURBO_TEAM=condo-ci
             TURBO_REMOTE_ONLY=true
             TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
             TURBO_API=${{ secrets.TURBO_API }}
+          secrets: |
+            npm_registry_auth_token=${{ secrets.NPM_REGISTRY_AUTH_TOKEN }}
           provenance: false
           cache-from: ${{ env.DOCKER_CACHE_FROM }}
           cache-to: ${{ env.DOCKER_CACHE_TO }}
diff --git a/.yarnrc.yml b/.yarnrc.yml
index 102af15dc6b..d8193f1ca99 100644
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -22,4 +22,10 @@ packageExtensions:
     dependencies:
       "graphql": "^15.6.1"
 
+npmRegistryServer: "${NPM_REGISTRY_SERVER:-https://registry.npmjs.org}"
 
+npmAuthToken: "${NPM_REGISTRY_AUTH_TOKEN:-}"
+
+httpTimeout: 3000
+httpRetry: 3
+networkConcurrency: 8
diff --git a/Dockerfile b/Dockerfile
index 195ad979077..2634e9d7b99 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,13 +25,20 @@ RUN set -ex \
 # Installer
 FROM base AS installer
 
+ARG NPM_REGISTRY_SERVER=https://registry.npmjs.org
+
 WORKDIR /app
 # Copy pruned monorepo (only package.json + yarn.lock)
 COPY --chown=app:app ./out /app
 # Copy yarn berry
 COPY --chown=app:app ./.yarn /app/.yarn
 COPY --chown=app:app ./.yarnrc.yml /app/.yarnrc.yml
-RUN --mount=type=cache,target=/usr/local/share/.cache/yarn \
+
+ENV NPM_REGISTRY_SERVER=$NPM_REGISTRY_SERVER
+
+RUN --mount=type=secret,id=npm_registry_auth_token \
+    --mount=type=cache,target=/usr/local/share/.cache/yarn \
+	export NPM_REGISTRY_AUTH_TOKEN="$(cat /run/secrets/npm_registry_auth_token 2>/dev/null || true)" && \
     yarn install --immutable --inline-builds
 
 # Builder