diff --git a/commands/publish/__tests__/publish-command.test.js b/commands/publish/__tests__/publish-command.test.js
index 6b44ad326f..715f2e51cf 100644
--- a/commands/publish/__tests__/publish-command.test.js
+++ b/commands/publish/__tests__/publish-command.test.js
@@ -32,6 +32,8 @@ const initFixture = require("@lerna-test/init-fixture")(__dirname);
 // file under test
 const lernaPublish = require("@lerna-test/command-runner")(require("../command"));
 
+expect.extend(require("@lerna-test/figgy-pudding-matchers"));
+
 describe("PublishCommand", () => {
   describe("cli validation", () => {
     let cwd;
@@ -116,15 +118,10 @@ Set {
       expect(getNpmUsername.registry.get(testDir).get("registry")).toBe("https://registry.npmjs.org/");
 
       expect(verifyNpmPackageAccess).toHaveBeenCalled();
-      expect(verifyNpmPackageAccess.registry.get(testDir)).toMatchInlineSnapshot(`
-Set {
-  "package-1",
-  "package-2",
-  "package-3",
-  "package-4",
-  "username: lerna-test",
-}
-`);
+      expect(verifyNpmPackageAccess).toHaveBeenLastCalledWith(
+        expect.any(Array),
+        expect.figgyPudding({ registry: "https://registry.npmjs.org/" })
+      );
     });
 
     it("publishes changed independent packages", async () => {
diff --git a/commands/publish/__tests__/verify-npm-package-access.test.js b/commands/publish/__tests__/verify-npm-package-access.test.js
index 646b022bbb..2f472d2cc0 100644
--- a/commands/publish/__tests__/verify-npm-package-access.test.js
+++ b/commands/publish/__tests__/verify-npm-package-access.test.js
@@ -15,6 +15,8 @@ access.lsPackages.mockImplementation(() =>
   })
 );
 
+expect.extend(require("@lerna-test/figgy-pudding-matchers"));
+
 describe("verifyNpmPackageAccess", () => {
   const origConsoleError = console.error;
 
@@ -40,7 +42,7 @@ describe("verifyNpmPackageAccess", () => {
 
     expect(access.lsPackages).toHaveBeenLastCalledWith(
       "lerna-test",
-      expect.objectContaining({
+      expect.figgyPudding({
         username: "lerna-test",
         registry: "https://registry.npmjs.org/",
         "fetch-retries": 0,
diff --git a/commands/publish/index.js b/commands/publish/index.js
index e82c911d67..cd0b11159f 100644
--- a/commands/publish/index.js
+++ b/commands/publish/index.js
@@ -402,7 +402,7 @@ class PublishCommand extends Command {
 
     // if no username was retrieved, don't bother validating
     if (this.conf.get("username") && this.verifyAccess) {
-      chain = chain.then(() => verifyNpmPackageAccess(this.packagesToPublish, this.conf));
+      chain = chain.then(() => verifyNpmPackageAccess(this.packagesToPublish, this.conf.snapshot));
     }
 
     return chain;
diff --git a/commands/publish/lib/__mocks__/verify-npm-package-access.js b/commands/publish/lib/__mocks__/verify-npm-package-access.js
index 9f341c7d93..7b92c44b7f 100644
--- a/commands/publish/lib/__mocks__/verify-npm-package-access.js
+++ b/commands/publish/lib/__mocks__/verify-npm-package-access.js
@@ -1,22 +1,6 @@
 "use strict";
 
-const registry = new Map();
-
 // to mock user modules, you _must_ call `jest.mock('./path/to/module')`
-const mockVerifyNpmPackageAccess = jest.fn((packages, opts) => {
-  const result = new Set(packages.map(pkg => pkg.name));
-
-  result.add(`username: ${opts.get("username")}`);
-
-  registry.set(opts.prefix, result);
-
-  return Promise.resolve();
-});
-
-// keep test data isolated
-afterEach(() => {
-  registry.clear();
-});
+const mockVerifyNpmPackageAccess = jest.fn(() => Promise.resolve());
 
 module.exports = mockVerifyNpmPackageAccess;
-module.exports.registry = registry;
diff --git a/commands/publish/lib/fetch-config.js b/commands/publish/lib/fetch-config.js
new file mode 100644
index 0000000000..a42a4ccba9
--- /dev/null
+++ b/commands/publish/lib/fetch-config.js
@@ -0,0 +1,20 @@
+"use strict";
+
+const log = require("libnpm/log");
+const figgyPudding = require("figgy-pudding");
+
+module.exports = figgyPudding(
+  {
+    "fetch-retries": {},
+    fetchRetries: "fetch-retries",
+    log: { default: log },
+    registry: {},
+    username: {},
+  },
+  {
+    other() {
+      // open it up for the sake of tests
+      return true;
+    },
+  }
+);
diff --git a/commands/publish/lib/verify-npm-package-access.js b/commands/publish/lib/verify-npm-package-access.js
index 2aa7a3abdf..a613ccd6b5 100644
--- a/commands/publish/lib/verify-npm-package-access.js
+++ b/commands/publish/lib/verify-npm-package-access.js
@@ -1,28 +1,26 @@
 "use strict";
 
-const log = require("libnpm/log");
 const access = require("libnpm/access");
-const RegistryConfig = require("npm-registry-fetch/config");
 const ValidationError = require("@lerna/validation-error");
+const FetchConfig = require("./fetch-config");
 
 module.exports = verifyNpmPackageAccess;
 
-function verifyNpmPackageAccess(packages, opts) {
-  log.silly("verifyNpmPackageAccess");
-
-  // eslint-disable-next-line no-param-reassign
-  opts = RegistryConfig(opts, {
+function verifyNpmPackageAccess(packages, _opts) {
+  const opts = FetchConfig(_opts, {
     // don't wait forever for third-party failures to be dealt with
     "fetch-retries": 0,
   });
 
-  return access.lsPackages(opts.username, opts.toJSON()).then(success, failure);
+  opts.log.silly("verifyNpmPackageAccess");
+
+  return access.lsPackages(opts.username, opts).then(success, failure);
 
   function success(result) {
     // when _no_ results received, access.lsPackages returns null
     // we can only assume that the packages in question have never been published
     if (result === null) {
-      log.warn(
+      opts.log.warn(
         "",
         "The logged-in user does not have any previously-published packages, skipping permission checks..."
       );
@@ -42,7 +40,7 @@ function verifyNpmPackageAccess(packages, opts) {
     // pass if registry does not support ls-packages endpoint
     if (err.code === "E500" || err.code === "E404") {
       // most likely a private registry (npm Enterprise, verdaccio, etc)
-      log.warn(
+      opts.log.warn(
         "EREGISTRY",
         "Registry %j does not support `npm access ls-packages`, skipping permission checks...",
         // registry
@@ -54,9 +52,9 @@ function verifyNpmPackageAccess(packages, opts) {
     }
 
     // Log the error cleanly to stderr
-    log.pause();
+    opts.log.pause();
     console.error(err.message); // eslint-disable-line no-console
-    log.resume();
+    opts.log.resume();
 
     throw new ValidationError("EWHOAMI", "Authentication error. Use `npm whoami` to troubleshoot.");
   }
diff --git a/commands/publish/package.json b/commands/publish/package.json
index 0d64d9ad19..0c30cafa20 100644
--- a/commands/publish/package.json
+++ b/commands/publish/package.json
@@ -50,6 +50,7 @@
     "@lerna/run-parallel-batches": "file:../../utils/run-parallel-batches",
     "@lerna/validation-error": "file:../../core/validation-error",
     "@lerna/version": "file:../version",
+    "figgy-pudding": "^3.5.1",
     "fs-extra": "^7.0.0",
     "libnpm": "^2.0.1",
     "npm-registry-fetch": "^3.8.0",
diff --git a/package-lock.json b/package-lock.json
index cf8ee73a85..dbb4f31525 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -670,6 +670,7 @@
         "@lerna/run-parallel-batches": "file:utils/run-parallel-batches",
         "@lerna/validation-error": "file:core/validation-error",
         "@lerna/version": "file:commands/version",
+        "figgy-pudding": "^3.5.1",
         "fs-extra": "^7.0.0",
         "libnpm": "^2.0.1",
         "npm-registry-fetch": "^3.8.0",