diff --git a/src/plugins/github/bin/fetchAndPrintGithubRepo.js b/src/plugins/github/bin/fetchAndPrintGithubRepo.js
index 6fe733f..2ed5744 100644
--- a/src/plugins/github/bin/fetchAndPrintGithubRepo.js
+++ b/src/plugins/github/bin/fetchAndPrintGithubRepo.js
@@ -16,6 +16,7 @@ import stringify from "json-stable-stringify";
 import fetchGithubRepo from "../fetchGithubRepo";
 import {makeRepoId} from "../repoId";
 import {MemoryCacheProvider} from "../../../backend/memoryCacheProvider";
+import {validateToken} from "../token";
 
 function parseArgs() {
   const argv = process.argv.slice(2);
@@ -26,7 +27,8 @@ function parseArgs() {
   if (argv.length < 2) {
     fail();
   }
-  const [owner, name, githubToken, ...rest] = argv;
+  const [owner, name, unvalidatedGithubToken, ...rest] = argv;
+  const githubToken = validateToken(unvalidatedGithubToken);
   const result = {owner, name, githubToken};
   if (rest.length > 0) {
     fail();
diff --git a/src/plugins/github/fetchGithubRepo.js b/src/plugins/github/fetchGithubRepo.js
index 2d1271f..261d447 100644
--- a/src/plugins/github/fetchGithubRepo.js
+++ b/src/plugins/github/fetchGithubRepo.js
@@ -16,12 +16,12 @@ import * as Schema from "../../graphql/schema";
 import {BLACKLISTED_IDS} from "./blacklistedObjectIds";
 import type {Repository} from "./graphqlTypes";
 import schema from "./schema";
-import {validateToken} from "./token";
+import {type GithubToken} from "./token";
 import {cacheIdForRepoId} from "./cacheId";
 import {type CacheProvider} from "../../backend/cache";
 
 type FetchRepoOptions = {|
-  +token: string,
+  +token: GithubToken,
   +cache: CacheProvider,
 |};
 
@@ -45,15 +45,6 @@ export async function fetchGithubRepoFromCache(
   repoId: RepoId,
   {token, cache}: FetchRepoOptions
 ): Promise<Repository> {
-  // Right now, only warn on likely to be bad tokens (see #1461).
-  // This lets us proceed to the GitHub API validating the token,
-  // while giving users instructions to remedy if it was their mistake.
-  try {
-    validateToken(token);
-  } catch (e) {
-    console.warn(`Warning: ${e}`);
-  }
-
   // TODO: remove the need for a GithubToken to resolve the ID.
   // See https://github.com/sourcecred/sourcecred/issues/1580
   const postQueryWithToken = (payload) => postQuery(payload, token);
@@ -76,7 +67,7 @@ export async function fetchGithubRepoFromCache(
  *
  * @param {RepoId} repoId
  *    the GitHub repository to be scraped
- * @param {String} token
+ * @param {GithubToken} token
  *    authentication token to be used for the GitHub API; generate a
  *    token at: https://github.com/settings/tokens
  * @return {Promise<object>}
@@ -88,17 +79,7 @@ export default async function fetchGithubRepo(
   repoId: RepoId,
   {token, cache}: FetchRepoOptions
 ): Promise<Repository> {
-  // Right now, only warn on likely to be bad tokens (see #1461).
-  // This lets us proceed to the GitHub API validating the token,
-  // while giving users instructions to remedy if it was their mistake.
-  try {
-    validateToken(token);
-  } catch (e) {
-    console.warn(`Warning: ${e}`);
-  }
-
   const postQueryWithToken = (payload) => postQuery(payload, token);
-
   const resolvedId: Schema.ObjectId = await resolveRepositoryGraphqlId(
     postQueryWithToken,
     repoId
@@ -247,7 +228,7 @@ function retryGithubFetch(fetch, fetchOptions) {
 
 export async function postQuery(
   {body, variables}: {+body: Body, +variables: mixed},
-  token: string
+  token: GithubToken
 ): Promise<any> {
   const postBody = JSON.stringify({
     query: stringify.body(body, inlineLayout()),