From 8e1ab019abf796939a928eb7fc3d6c5bbc4afc98 Mon Sep 17 00:00:00 2001
From: Karen Li <47998177+karenjli@users.noreply.github.com>
Date: Fri, 14 Nov 2025 14:39:18 -0500
Subject: [PATCH 01/23] [docs] Remove classic token description (#1775)
This PR removes description about legacy tokens as we are removing them
permanently.
---
.../about-access-tokens.mdx | 19 -------------------
1 file changed, 19 deletions(-)
diff --git a/content/integrations/integrating-npm-with-external-services/about-access-tokens.mdx b/content/integrations/integrating-npm-with-external-services/about-access-tokens.mdx
index ccfdcc87c57..6654a7ad35a 100644
--- a/content/integrations/integrating-npm-with-external-services/about-access-tokens.mdx
+++ b/content/integrations/integrating-npm-with-external-services/about-access-tokens.mdx
@@ -22,30 +22,11 @@ You can work with tokens from the web or the CLI, whichever is easiest. What you
npm token commands let you:
- View tokens for easier tracking and management
-- Create new legacy tokens (deprecated)
- Limit access according to IP address ranges (CIDR)
- Delete/revoke tokens
For more information on creating and viewing access tokens on the web and CLI, see "[Creating and viewing access tokens][create-token]".
-## About legacy tokens (Deprecated)
-
-
-
-**Warning:** Legacy access tokens were removed on November 5, 2025.
-
-
-
-Legacy tokens are created with the same permissions as the user who created them. The npm CLI automatically generates and uses a publish token when you run `npm login`.
-
-There are three different types of legacy tokens:
-
-- **Read-only**: You can use these tokens to download packages from the registry. These tokens are best for automation and workflows where you are installing packages. For greater security, we recommend using [granular access tokens](#about-granular-access-tokens) instead.
-- **Automation**: You can use these tokens to download packages and install new ones. These tokens are best for automation workflows where you are publishing new packages. Automation tokens do not require 2FA for executing operations on npm and are suitable for CI/CD workflows. For greater security, we recommend using [granular access tokens](#about-granular-access-tokens) instead.
-- **Publish**: You can use these tokens to download packages, install packages, and update user and package settings. We recommend using them for interactive workflows such as a CLI. If 2FA is enabled on your account, publish tokens will require 2FA to execute sensitive operations on npm.
-
-Legacy tokens do not have an expiration date. It is important to be aware of your tokens and keep them protected for account security. For more information, see "[Securing your token][secure-token]."
-
## About granular access tokens
Granular access tokens allow you to restrict access provided to the token based on what you want to use the token for. With granular access tokens, you can:
From 480bc69294882172fea4ec8742f459c59d74028e Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 24 Nov 2025 13:15:16 -0500
Subject: [PATCH 02/23] [docs] Update 2FA requirements for package publishing
and settings modification
---
...-package-publishing-and-settings-modification.mdx | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx b/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
index 4aee6a2788e..752525fe815 100644
--- a/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
+++ b/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
@@ -34,13 +34,17 @@ For CI/CD workflows, consider using [trusted publishing](/trusted-publishers), w
4. Under "Publishing access", select the requirements to publish a package.
- 1. **Dont require two-factor authentication**
- With this option, a maintainer can publish a package or change the package settings whether they have two-factor authentication enabled or not. This is the least secure setting.
- 2. **Require two-factor authentication or granular access tokens**
+
+
+ **Note:** All packages now require either two-factor authentication or a granular access token with bypass 2FA enabled to publish. This is the default setting for all new packages.
+
+
+
+ 1. **Require two-factor authentication or granular access tokens** (Default)
With this option, maintainers must have two-factor authentication enabled for their account. If they publish a package interactively, using the `npm publish` command, they will be required to enter 2FA credentials when they perform the publish. However, maintainers may also create a [granular access token with bypass 2FA enabled][creating-granular-access-token] and use that to publish. A second factor is _not_ required when using these specific token types, making them useful for continuous integration and continuous deployment workflows.
- 3. **Require two-factor authentication and disallow tokens**
+ 2. **Require two-factor authentication and disallow tokens**
With this option, a maintainer must have two-factor authentication enabled for their account, and they must publish interactively. Maintainers will be required to enter 2FA credentials when they perform the publish. Granular access tokens cannot be used to publish packages, regardless of their bypass 2FA setting.
From 6757acad7dacc1db9324ae74545479428e4d4d62 Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 24 Nov 2025 13:15:34 -0500
Subject: [PATCH 03/23] [docs] Add 2FA requirements note before publishing
Node.js modules
---
.../creating-node-js-modules.mdx | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx b/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx
index 4e1fd077806..ab2a1aecb4f 100644
--- a/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx
+++ b/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx
@@ -36,6 +36,13 @@ exports.printMsg = function() {
## Test your module
1. Publish your package to npm:
+
+
+
+ **Important:** Before you can publish, you must have either [two-factor authentication (2FA)][config-2fa] enabled on your account, or a [granular access token with bypass 2FA enabled][creating-token] for CI/CD workflows.
+
+
+
- For [private packages][priv-pkg-pub] and [unscoped packages][unscoped-pkg-pub], use `npm publish`.
- For [scoped public packages][scoped-pkg-pub], use `npm publish --access public`
@@ -73,3 +80,5 @@ exports.printMsg = function() {
[priv-pkg-pub]: creating-and-publishing-private-packages#publishing-private-packages
[unscoped-pkg-pub]: creating-and-publishing-unscoped-public-packages#publishing-unscoped-public-packages
[scoped-pkg-pub]: creating-and-publishing-scoped-public-packages#publishing-scoped-public-packages
+[config-2fa]: /configuring-two-factor-authentication
+[creating-token]: /creating-and-viewing-access-tokens
From 18cfa00db97368241054dde9032e98f07c387b4b Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 24 Nov 2025 13:16:09 -0500
Subject: [PATCH 04/23] [docs] Add 2FA requirements for publishing unscoped
public packages
---
...ting-and-publishing-unscoped-public-packages.mdx | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-unscoped-public-packages.mdx b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-unscoped-public-packages.mdx
index 80fd70a7478..6eec443de89 100644
--- a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-unscoped-public-packages.mdx
+++ b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-unscoped-public-packages.mdx
@@ -58,6 +58,16 @@ npm install path/to/my-package
## Publishing unscoped public packages
+
+
+**Important:** Before you can publish, you must have either:
+- [Two-factor authentication (2FA)][config-2fa] enabled on your account, OR
+- A [granular access token with bypass 2FA enabled][creating-token] (required for CI/CD workflows)
+
+For more information, see "[Requiring 2FA for package publishing][requiring-2fa]."
+
+
+
1. On the command line, navigate to the root directory of your package.
```
@@ -89,3 +99,6 @@ For more information on the `publish` command, see the [CLI documentation][cli-p
[cli-publish]: /cli/publish
[pii]: https://en.wikipedia.org/wiki/Personally_identifiable_information
[provenance-how-to]: /generating-provenance-statements
+[config-2fa]: /configuring-two-factor-authentication
+[creating-token]: /creating-and-viewing-access-tokens
+[requiring-2fa]: /requiring-2fa-for-package-publishing-and-settings-modification
From 595268c5eb7a73045cf497878319ba6e0db0214e Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 24 Nov 2025 13:16:25 -0500
Subject: [PATCH 05/23] [docs] Add 2FA requirements for publishing scoped
public packages
---
...eating-and-publishing-scoped-public-packages.mdx | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-scoped-public-packages.mdx b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-scoped-public-packages.mdx
index 9ca51dd8892..1be8350c88d 100644
--- a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-scoped-public-packages.mdx
+++ b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-scoped-public-packages.mdx
@@ -77,6 +77,16 @@ npm install /path/to/my-test-package
By default, scoped packages are published with private visibility. To publish a scoped package with public visibility, use `npm publish --access public`.
+
+
+**Important:** Before you can publish, you must have either:
+- [Two-factor authentication (2FA)][config-2fa] enabled on your account, OR
+- A [granular access token with bypass 2FA enabled][creating-token] (required for CI/CD workflows)
+
+For more information, see "[Requiring 2FA for package publishing][requiring-2fa]."
+
+
+
1. On the command line, navigate to the root directory of your package.
```
@@ -111,3 +121,6 @@ For more information on the `publish` command, see the [CLI documentation][cli-p
[cli-publish]: /cli/publish
[pii]: https://en.wikipedia.org/wiki/Personally_identifiable_information
[provenance-how-to]: /generating-provenance-statements
+[config-2fa]: /configuring-two-factor-authentication
+[creating-token]: /creating-and-viewing-access-tokens
+[requiring-2fa]: /requiring-2fa-for-package-publishing-and-settings-modification
From f9c265ba29296001fcf913b066fa3f0f753ae064 Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 24 Nov 2025 13:16:47 -0500
Subject: [PATCH 06/23] [docs] Add 2FA requirements for publishing private
packages
---
.../creating-and-publishing-private-packages.mdx | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-private-packages.mdx b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-private-packages.mdx
index ce872d89064..8f5070ba3ff 100644
--- a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-private-packages.mdx
+++ b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-private-packages.mdx
@@ -81,6 +81,16 @@ npm install my-package
By default, scoped packages are published with private visibility.
+
+
+**Important:** Before you can publish, you must have either:
+- [Two-factor authentication (2FA)][config-2fa] enabled on your account, OR
+- A [granular access token with bypass 2FA enabled][creating-token] (required for CI/CD workflows)
+
+For more information, see "[Requiring 2FA for package publishing][requiring-2fa]."
+
+
+
1. On the command line, navigate to the root directory of your package.
```
@@ -109,3 +119,6 @@ For more information on the `publish` command, see the [CLI documentation][cli-p
[cli-publish]: /cli/publish
[reg-config]: configuring-your-registry-settings-as-an-npm-enterprise-user#using-npmrc-to-manage-multiple-profiles-for-different-registries
[pii]: https://en.wikipedia.org/wiki/Personally_identifiable_information
+[config-2fa]: /configuring-two-factor-authentication
+[creating-token]: /creating-and-viewing-access-tokens
+[requiring-2fa]: /requiring-2fa-for-package-publishing-and-settings-modification
From 3a9748a811a4c5bad166c8b7fb26a7b52d732c73 Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 24 Nov 2025 13:17:05 -0500
Subject: [PATCH 07/23] [docs] Clarify 2FA authentication requirements for
package publishing
---
...iring-two-factor-authentication-in-your-organization.mdx | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/content/organizations/creating-and-managing-organizations/requiring-two-factor-authentication-in-your-organization.mdx b/content/organizations/creating-and-managing-organizations/requiring-two-factor-authentication-in-your-organization.mdx
index f299e6f313a..cca11cd3186 100644
--- a/content/organizations/creating-and-managing-organizations/requiring-two-factor-authentication-in-your-organization.mdx
+++ b/content/organizations/creating-and-managing-organizations/requiring-two-factor-authentication-in-your-organization.mdx
@@ -12,6 +12,12 @@ Two-factor authentication (2FA) is an extra layer of security used when logging
+**Important:** Publishing packages to npm now requires authentication via either two-factor authentication enabled on your account, or a granular access token with bypass 2FA enabled. This requirement applies at the platform level for all packages by default, regardless of organization-level 2FA settings.
+
+
+
+
+
**Note:**
- When you require use of two-factor authentication for your organization, members who do not use 2FA will be removed from the organization and lose access to its packages. You can add them back to the organization if they enable two-factor authentication.
From 1c266c21db772caa295b801df5d401c2fa2fa8cc Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 24 Nov 2025 13:19:06 -0500
Subject: [PATCH 08/23] [docs] Update guidance for creating granular access
tokens with bypass 2FA for CI/CD workflows
---
.../using-private-packages-in-a-ci-cd-workflow.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/integrations/integrating-npm-with-external-services/using-private-packages-in-a-ci-cd-workflow.mdx b/content/integrations/integrating-npm-with-external-services/using-private-packages-in-a-ci-cd-workflow.mdx
index 21639230c6f..06d75579fee 100644
--- a/content/integrations/integrating-npm-with-external-services/using-private-packages-in-a-ci-cd-workflow.mdx
+++ b/content/integrations/integrating-npm-with-external-services/using-private-packages-in-a-ci-cd-workflow.mdx
@@ -45,7 +45,7 @@ For more information on creating granular access tokens, including CIDR-whitelis
For publishing packages in continuous deployment environments, we strongly recommend using [trusted publishing](/trusted-publishers) when available, as it provides enhanced security without requiring token management.
-If trusted publishing is not available for your CI/CD provider, you can create a [granular access token with bypass 2FA enabled][create-token] on the website. This will allow you to publish even if you have two-factor authentication enabled on your account.
+If trusted publishing is not available for your CI/CD provider, you must create a [granular access token with bypass 2FA enabled][create-token] on the website. This will allow you to publish in your CI/CD workflows even if you have two-factor authentication enabled on your account.
From 6351332a33b2ff0771b25150075ce1383853bdaa Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 24 Nov 2025 13:20:05 -0500
Subject: [PATCH 09/23] [docs] Clarify 2FA bypass requirements for access
tokens in package publishing
---
.../creating-and-viewing-access-tokens.mdx | 1 +
1 file changed, 1 insertion(+)
diff --git a/content/integrations/integrating-npm-with-external-services/creating-and-viewing-access-tokens.mdx b/content/integrations/integrating-npm-with-external-services/creating-and-viewing-access-tokens.mdx
index d0475c2e021..09a04b91a9c 100644
--- a/content/integrations/integrating-npm-with-external-services/creating-and-viewing-access-tokens.mdx
+++ b/content/integrations/integrating-npm-with-external-services/creating-and-viewing-access-tokens.mdx
@@ -25,6 +25,7 @@ You can [create](#creating-access-tokens) and [view](#viewing-access-tokens) acc
5. (Optional) Check the **Bypass two-factor authentication** checkbox if you want this token to bypass 2FA requirements for write actions.
- This setting is unchecked (false) by default
- By checking this box, the token will bypass 2FA for write actions even if 2FA is enabled at the account or package level
+ - **Note:** For publishing packages, you must have either 2FA enabled on your account OR use a token with bypass 2FA enabled.
6. (Optional) In the **Allowed IP Ranges** field, enter IP address ranges to restrict your access token to. You must use [CIDR][cidr-wiki] notation to enter IP address ranges. To add more than one allowed IP range, click **Add IP Range** and enter an IP range in the new text field.
From f49d2e6f02c1f5494fefb2a88c449fd7bfaf60ba Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 24 Nov 2025 13:20:56 -0500
Subject: [PATCH 10/23] [docs] Update 2FA requirements for package publishing
in user account setup
---
.../about-two-factor-authentication.mdx | 11 +++++++++++
.../configuring-two-factor-authentication.mdx | 11 +++++++++++
2 files changed, 22 insertions(+)
diff --git a/content/getting-started/setting-up-your-npm-user-account/about-two-factor-authentication.mdx b/content/getting-started/setting-up-your-npm-user-account/about-two-factor-authentication.mdx
index d4e0c6b7b94..d6d302e084e 100644
--- a/content/getting-started/setting-up-your-npm-user-account/about-two-factor-authentication.mdx
+++ b/content/getting-started/setting-up-your-npm-user-account/about-two-factor-authentication.mdx
@@ -20,6 +20,16 @@ When you enable 2FA, you will be prompted for a second form of authentication be
+
+
+**Important:** Publishing packages to npm now requires either:
+- Two-factor authentication (2FA) enabled on your account, OR
+- A [granular access token with bypass 2FA enabled][granular-tokens] (for CI/CD workflows)
+
+For more information, see "[Requiring 2FA for package publishing][pkg-2fa]."
+
+
+
## Two-factor authentication on npm
Two-factor authentication on npm can be enabled for authorization and writes, or authorization only.
@@ -63,6 +73,7 @@ If you enable 2FA for authorization only. We will request a second form of authe
[token-create]: https://docs.npmjs.com/cli/token
[token-revoke]: https://docs.npmjs.com/cli/token
[publish]: https://docs.npmjs.com/cli/publish
+[granular-tokens]: /creating-and-viewing-access-tokens
[unpublish]: https://docs.npmjs.com/cli/unpublish
[deprecate]: https://docs.npmjs.com/cli/deprecate
[access]: https://docs.npmjs.com/cli/access
diff --git a/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx b/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx
index f0950aafcaf..a48d78db55b 100644
--- a/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx
+++ b/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx
@@ -6,6 +6,16 @@ import shared from '~/shared.js'
You can enable two-factor authentication (2FA) on your npm user account to protect against unauthorized access to your account and packages using a [security-key][webauthn].
+
+
+**Important:** Publishing packages to npm now requires either:
+- Two-factor authentication (2FA) enabled on your account, OR
+- A [granular access token with bypass 2FA enabled][creating-token] (for CI/CD workflows)
+
+If you plan to publish packages, you must enable 2FA or use a bypass 2FA token.
+
+
+
## Prerequisites
Before you enable 2FA on your npm user account, you must:
@@ -193,6 +203,7 @@ The Twitter or GitHub account is now linked to your npm account. To remove the l
[can-i-use]: https://caniuse.com/#search=webauthn
[viewing-and-regenerating-recovery-code]: /recovering-your-2fa-enabled-account#viewing-and-regenerating-recovery-code
[webauthn]: https://webauthn.guide/
+[creating-token]: /creating-and-viewing-access-tokens
[u2f]: https://en.wikipedia.org/wiki/Universal_2nd_Factor
[windows-hello]: https://support.microsoft.com/en-us/windows/learn-about-windows-hello-and-set-it-up-dae28983-8242-bb2a-d3d1-87c9d265a5f0
[touch-id]: https://support.apple.com/en-gb/HT204587
From cc7aa2c1eafa5c42296eb8e5c1cfaecae63ad7f2 Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 24 Nov 2025 17:07:05 -0500
Subject: [PATCH 11/23] updated to npm access
---
content/cli/v10/commands/npm-access.mdx | 2 +-
content/cli/v6/commands/npm-access.mdx | 2 +-
content/cli/v7/commands/npm-access.mdx | 2 +-
content/cli/v8/commands/npm-access.mdx | 3 +--
content/cli/v9/commands/npm-access.mdx | 4 ++--
5 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/content/cli/v10/commands/npm-access.mdx b/content/cli/v10/commands/npm-access.mdx
index 900fafb1772..34e44daa59d 100644
--- a/content/cli/v10/commands/npm-access.mdx
+++ b/content/cli/v10/commands/npm-access.mdx
@@ -26,7 +26,7 @@ npm access list packages [||] []
npm access list collaborators [ []]
npm access get status []
npm access set status=public|private []
-npm access set mfa=none|publish|automation []
+npm access set mfa=publish|automation []
npm access grant []
npm access revoke []
```
diff --git a/content/cli/v6/commands/npm-access.mdx b/content/cli/v6/commands/npm-access.mdx
index 29c858614b5..29d705b4874 100644
--- a/content/cli/v6/commands/npm-access.mdx
+++ b/content/cli/v6/commands/npm-access.mdx
@@ -46,7 +46,7 @@ For all of the subcommands, `npm access` will perform actions on the packages in
- grant / revoke: Add or remove the ability of users and teams to have read-only or read-write access to a package.
-- 2fa-required / 2fa-not-required: Configure whether a package requires that anyone publishing it have two-factor authentication enabled on their account.
+- 2fa-required / 2fa-not-required: Configure whether a package requires that anyone publishing it have two-factor authentication enabled on their account. All packages now require either two-factor authentication or a granular access token with bypass 2FA enabled by default. The "Don't require two-factor authentication" option has been removed from the web interface.
- ls-packages: Show all of the packages a user or a team is able to access, along with the access level, except for read-only public packages (it won't print the whole registry listing)
diff --git a/content/cli/v7/commands/npm-access.mdx b/content/cli/v7/commands/npm-access.mdx
index 6bb68d6862b..7a9f758de64 100644
--- a/content/cli/v7/commands/npm-access.mdx
+++ b/content/cli/v7/commands/npm-access.mdx
@@ -46,7 +46,7 @@ For all of the subcommands, `npm access` will perform actions on the packages in
- grant / revoke: Add or remove the ability of users and teams to have read-only or read-write access to a package.
-- 2fa-required / 2fa-not-required: Configure whether a package requires that anyone publishing it have two-factor authentication enabled on their account.
+- 2fa-required / 2fa-not-required: Configure whether a package requires that anyone publishing it have two-factor authentication enabled on their account. All packages now require either two-factor authentication or a granular access token with bypass 2FA enabled by default. The "Don't require two-factor authentication" option has been removed from the web interface.
- ls-packages: Show all of the packages a user or a team is able to access, along with the access level, except for read-only public packages (it won't print the whole registry listing)
diff --git a/content/cli/v8/commands/npm-access.mdx b/content/cli/v8/commands/npm-access.mdx
index 62e95935b22..338f91a097d 100644
--- a/content/cli/v8/commands/npm-access.mdx
+++ b/content/cli/v8/commands/npm-access.mdx
@@ -43,8 +43,7 @@ For all of the subcommands, `npm access` will perform actions on the packages in
- grant / revoke (deprecated): Add or remove the ability of users and teams to have read-only or read-write access to a package.
-- 2fa-required / 2fa-not-required (deprecated): Configure whether a package requires that anyone publishing it have two-factor authentication enabled on their account.
-
+- 2fa-required / 2fa-not-required (deprecated): Configure whether a package requires that anyone publishing it have two-factor authentication enabled on their account. All packages now require either two-factor authentication or a granular access token with bypass 2FA enabled by default. The "Don't require two-factor authentication" option has been removed from the web interface.
- ls-packages (deprecated): Show all of the packages a user or a team is able to access, along with the access level, except for read-only public packages (it won't print the whole registry listing)
- ls-collaborators (deprecated): Show all of the access privileges for a package. Will only show permissions for packages to which you have at least read access. If `` is passed in, the list is filtered only to teams _that_ user happens to belong to.
diff --git a/content/cli/v9/commands/npm-access.mdx b/content/cli/v9/commands/npm-access.mdx
index 094305dfe4d..54d64ca39a7 100644
--- a/content/cli/v9/commands/npm-access.mdx
+++ b/content/cli/v9/commands/npm-access.mdx
@@ -26,7 +26,7 @@ npm access list packages [|| []
npm access list collaborators [ []]
npm access get status []
npm access set status=public|private []
-npm access set mfa=none|publish|automation []
+npm access set mfa=publish|automation []
npm access grant []
npm access revoke []
```
@@ -43,7 +43,7 @@ For all of the subcommands, `npm access` will perform actions on the packages in
- grant / revoke (deprecated): Add or remove the ability of users and teams to have read-only or read-write access to a package.
-- 2fa-required / 2fa-not-required (deprecated): Configure whether a package requires that anyone publishing it have two-factor authentication enabled on their account.
+- 2fa-required / 2fa-not-required (deprecated): Configure whether a package requires that anyone publishing it have two-factor authentication enabled on their account. All packages now require either two-factor authentication or a granular access token with bypass 2FA enabled by default. The "Don't require two-factor authentication" option has been removed from the web interface.
- ls-packages (deprecated): Show all of the packages a user or a team is able to access, along with the access level, except for read-only public packages (it won't print the whole registry listing)
From 3290b30ab3a509caf7715204300e49f3134dcd77 Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 24 Nov 2025 17:10:15 -0500
Subject: [PATCH 12/23] changes to npm publish
---
content/cli/v10/commands/npm-publish.mdx | 8 ++++++++
content/cli/v11/commands/npm-publish.mdx | 8 ++++++++
content/cli/v6/commands/npm-publish.mdx | 6 ++++++
content/cli/v7/commands/npm-publish.mdx | 8 ++++++++
content/cli/v8/commands/npm-publish.mdx | 8 ++++++++
content/cli/v9/commands/npm-publish.mdx | 8 ++++++++
6 files changed, 46 insertions(+)
diff --git a/content/cli/v10/commands/npm-publish.mdx b/content/cli/v10/commands/npm-publish.mdx
index 2b8a6d97205..365f577dd97 100644
--- a/content/cli/v10/commands/npm-publish.mdx
+++ b/content/cli/v10/commands/npm-publish.mdx
@@ -29,6 +29,12 @@ npm publish
Publishes a package to the registry so that it can be installed by name.
+**Important:** Publishing to npm requires either:
+- Two-factor authentication (2FA) enabled on your account, OR
+- A granular access token with bypass 2FA enabled (for CI/CD workflows)
+
+For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+
By default npm will publish to the public registry. This can be overridden by specifying a different default registry or using a [`scope`](/cli/v10/using-npm/scope) in the name, combined with a scope-configured registry (see [`package.json`](/cli/v10/configuring-npm/package-json)).
A `package` is interpreted the same way as other commands (like `npm install`) and can be:
@@ -111,6 +117,8 @@ This is a one-time password from a two-factor authenticator. It's needed when pu
If not set, and a registry response fails with a challenge for a one-time password, npm will prompt on the command line for one.
+**Note:** As an alternative to using 2FA with OTP, you can publish using a granular access token with bypass 2FA enabled. This is commonly used in CI/CD workflows where interactive authentication is not possible.
+
#### `workspace`
- Default:
diff --git a/content/cli/v11/commands/npm-publish.mdx b/content/cli/v11/commands/npm-publish.mdx
index 2793abd2e7a..a2a6fb98dc3 100644
--- a/content/cli/v11/commands/npm-publish.mdx
+++ b/content/cli/v11/commands/npm-publish.mdx
@@ -49,6 +49,12 @@ Publishes a package to the registry so that it can be installed by name.
Publish the package in the current directory:
+**Important:** Publishing to npm requires either:
+- Two-factor authentication (2FA) enabled on your account, OR
+- A granular access token with bypass 2FA enabled (for CI/CD workflows)
+
+For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+
```bash
npm publish
```
@@ -155,6 +161,8 @@ This is a one-time password from a two-factor authenticator. It's needed when pu
If not set, and a registry response fails with a challenge for a one-time password, npm will prompt on the command line for one.
+**Note:** As an alternative to using 2FA with OTP, you can publish using a granular access token with bypass 2FA enabled. This is commonly used in CI/CD workflows where interactive authentication is not possible.
+
#### `workspace`
- Default:
diff --git a/content/cli/v6/commands/npm-publish.mdx b/content/cli/v6/commands/npm-publish.mdx
index 7d1fee0260b..56b028a4a3b 100644
--- a/content/cli/v6/commands/npm-publish.mdx
+++ b/content/cli/v6/commands/npm-publish.mdx
@@ -32,6 +32,12 @@ Sets tag 'latest' if no --tag specified
Publishes a package to the registry so that it can be installed by name. All files in the package directory are included if no local `.gitignore` or `.npmignore` file exists. If both files exist and a file is ignored by `.gitignore` but not by `.npmignore` then it will be included. See [`developers`](/cli/v6/using-npm/developers) for full details on what's included in the published package, as well as details on how the package is built.
+**Important:** Publishing to npm requires either:
+- Two-factor authentication (2FA) enabled on your account, OR
+- A granular access token with bypass 2FA enabled (for CI/CD workflows)
+
+For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+
By default npm will publish to the public registry. This can be overridden by specifying a different default registry or using a [`scope`](/cli/v6/using-npm/scope) in the name (see [`package.json`](/cli/v6/configuring-npm/package-json)).
- ``: A folder containing a package.json file
diff --git a/content/cli/v7/commands/npm-publish.mdx b/content/cli/v7/commands/npm-publish.mdx
index fbf9e9a6d6d..3d98d28aa20 100644
--- a/content/cli/v7/commands/npm-publish.mdx
+++ b/content/cli/v7/commands/npm-publish.mdx
@@ -32,6 +32,12 @@ Sets tag 'latest' if no --tag specified
Publishes a package to the registry so that it can be installed by name.
+**Important:** Publishing to npm requires either:
+- Two-factor authentication (2FA) enabled on your account, OR
+- A granular access token with bypass 2FA enabled (for CI/CD workflows)
+
+For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+
By default npm will publish to the public registry. This can be overridden by specifying a different default registry or using a [`scope`](/cli/v7/using-npm/scope) in the name (see [`package.json`](/cli/v7/configuring-npm/package-json)).
- ``: A folder containing a package.json file
@@ -116,6 +122,8 @@ This is a one-time password from a two-factor authenticator. It's needed when pu
If not set, and a registry response fails with a challenge for a one-time password, npm will prompt on the command line for one.
+**Note:** As an alternative to using 2FA with OTP, you can publish using a granular access token with bypass 2FA enabled. This is commonly used in CI/CD workflows where interactive authentication is not possible.
+
#### `workspace`
- Default:
diff --git a/content/cli/v8/commands/npm-publish.mdx b/content/cli/v8/commands/npm-publish.mdx
index 14df8a8c773..3f213e37a17 100644
--- a/content/cli/v8/commands/npm-publish.mdx
+++ b/content/cli/v8/commands/npm-publish.mdx
@@ -29,6 +29,12 @@ npm publish
Publishes a package to the registry so that it can be installed by name.
+**Important:** Publishing to npm requires either:
+- Two-factor authentication (2FA) enabled on your account, OR
+- A granular access token with bypass 2FA enabled (for CI/CD workflows)
+
+For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+
By default npm will publish to the public registry. This can be overridden by specifying a different default registry or using a [`scope`](/cli/v8/using-npm/scope) in the name, combined with a scope-configured registry (see [`package.json`](/cli/v8/configuring-npm/package-json)).
A `package` is interpreted the same way as other commands (like `npm install` and can be:
@@ -107,6 +113,8 @@ This is a one-time password from a two-factor authenticator. It's needed when pu
If not set, and a registry response fails with a challenge for a one-time password, npm will prompt on the command line for one.
+**Note:** As an alternative to using 2FA with OTP, you can publish using a granular access token with bypass 2FA enabled. This is commonly used in CI/CD workflows where interactive authentication is not possible.
+
#### `workspace`
- Default:
diff --git a/content/cli/v9/commands/npm-publish.mdx b/content/cli/v9/commands/npm-publish.mdx
index cbb21d30592..f819e07325b 100644
--- a/content/cli/v9/commands/npm-publish.mdx
+++ b/content/cli/v9/commands/npm-publish.mdx
@@ -29,6 +29,12 @@ npm publish
Publishes a package to the registry so that it can be installed by name.
+**Important:** Publishing to npm requires either:
+- Two-factor authentication (2FA) enabled on your account, OR
+- A granular access token with bypass 2FA enabled (for CI/CD workflows)
+
+For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+
By default npm will publish to the public registry. This can be overridden by specifying a different default registry or using a [`scope`](/cli/v9/using-npm/scope) in the name, combined with a scope-configured registry (see [`package.json`](/cli/v9/configuring-npm/package-json)).
A `package` is interpreted the same way as other commands (like `npm install` and can be:
@@ -109,6 +115,8 @@ This is a one-time password from a two-factor authenticator. It's needed when pu
If not set, and a registry response fails with a challenge for a one-time password, npm will prompt on the command line for one.
+**Note:** As an alternative to using 2FA with OTP, you can publish using a granular access token with bypass 2FA enabled. This is commonly used in CI/CD workflows where interactive authentication is not possible.
+
#### `workspace`
- Default:
From d9352cbf9de55a1a33e49f6ecb513c2354f638c0 Mon Sep 17 00:00:00 2001
From: shmam
Date: Tue, 25 Nov 2025 11:54:25 -0500
Subject: [PATCH 13/23] removing a section about disabling 2fa for writes
---
.../configuring-two-factor-authentication.mdx | 28 -------------------
1 file changed, 28 deletions(-)
diff --git a/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx b/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx
index a48d78db55b..4ab400b7c35 100644
--- a/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx
+++ b/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx
@@ -64,34 +64,6 @@ For more information on supported 2FA methods, see "[About two-factor authentica
8. Click **Go back to settings** after confirming that you have saved your codes.
-### Disabling 2FA for writes
-
-Check the [Authorization and writes][authorization-and-writes] section for more information on different operations that requires 2FA when this mode is enabled.
-
-
-
-**Note**: As a recommended setting, 2FA for write operations are _automatically enabled_ when setting up 2FA. The following steps explain how to disable it.
-
-
-
-1. <>{shared['user-login'].text}
-
- <>{shared['user-login'].image}
-
-2. <>{shared['account-settings'].text}
-
- <>{shared['account-settings'].image}
-
-3. On the account settings page, under "Two-Factor Authentication", click **Modify 2FA**.
-
-
-
-4. From the "Manage Two-Factor Authentication" navigate to "Additional Options" section
-
-5. Clear the checkbox for "Require two-factor authentication for write actions" and click "Update Preferences"
-
-
-
### Disabling 2FA
If you have 2FA enabled, you can remove it from your account settings page.
From b8d1abfc4353a6d03a16b37198a66b4fbe1a620e Mon Sep 17 00:00:00 2001
From: shmam
Date: Tue, 25 Nov 2025 11:59:37 -0500
Subject: [PATCH 14/23] [docs] Clarify 2FA requirements for package publishing
and access tokens
---
...g-2fa-for-package-publishing-and-settings-modification.mdx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx b/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
index 752525fe815..f8727e734a4 100644
--- a/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
+++ b/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
@@ -4,9 +4,9 @@ title: Requiring 2FA for package publishing and settings modification
import shared from '~/shared.js'
-To protect your packages, as a package publisher, you can require everyone who has write access to a package to have two-factor authentication (2FA) enabled. This will require that users provide 2FA credentials in addition to their login token when they publish the package. For more information, see "[Configuring two-factor authentication][config-2fa]".
+All packages now require two-factor authentication (2FA) for creating and publishing packages. For more information, see "[Configuring two-factor authentication][config-2fa]".
-You may also choose to allow publishing with either two-factor authentication _or_ with [granular access tokens with bypass 2FA enabled][creating-granular-access-token]. This lets you configure tokens in a CI/CD workflow, but requires two-factor authentication from interactive publishes.
+You may also choose to publish with [granular access tokens with bypass 2FA enabled][creating-granular-access-token]. This lets you configure tokens in a CI/CD workflow, but requires two-factor authentication from interactive publishes.
For CI/CD workflows, consider using [trusted publishing](/trusted-publishers), which provides secure, token-free publishing that automatically enforces strong authentication without requiring manual token management.
From b76012c5b3a67855f90d044eb80a55448494382d Mon Sep 17 00:00:00 2001
From: shmam
Date: Tue, 25 Nov 2025 12:01:26 -0500
Subject: [PATCH 15/23] [docs] Update npm access command to remove 'none'
option for MFA
---
content/cli/v11/commands/npm-access.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/cli/v11/commands/npm-access.mdx b/content/cli/v11/commands/npm-access.mdx
index 654727214f0..a7d53b81c82 100644
--- a/content/cli/v11/commands/npm-access.mdx
+++ b/content/cli/v11/commands/npm-access.mdx
@@ -42,7 +42,7 @@ npm access list packages [||] []
npm access list collaborators [ []]
npm access get status []
npm access set status=public|private []
-npm access set mfa=none|publish|automation []
+npm access set mfa=publish|automation []
npm access grant []
npm access revoke []
```
From b0ad1dd3c1def2c2217e6c1da24911eb7f38ae6b Mon Sep 17 00:00:00 2001
From: shmam
Date: Tue, 25 Nov 2025 13:14:01 -0500
Subject: [PATCH 16/23] [docs] Update 2FA requirements for npm publish
documentation
---
content/cli/v10/commands/npm-publish.mdx | 6 +++++-
content/cli/v11/commands/npm-publish.mdx | 6 +++++-
content/cli/v6/commands/npm-publish.mdx | 6 +++++-
content/cli/v7/commands/npm-publish.mdx | 6 +++++-
content/cli/v8/commands/npm-publish.mdx | 6 +++++-
content/cli/v9/commands/npm-publish.mdx | 6 +++++-
6 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/content/cli/v10/commands/npm-publish.mdx b/content/cli/v10/commands/npm-publish.mdx
index 365f577dd97..98d743a753c 100644
--- a/content/cli/v10/commands/npm-publish.mdx
+++ b/content/cli/v10/commands/npm-publish.mdx
@@ -29,11 +29,15 @@ npm publish
Publishes a package to the registry so that it can be installed by name.
+
+
**Important:** Publishing to npm requires either:
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
-For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+For more information, see the npm documentation on [requiring 2FA for package publishing](/requiring-2fa-for-package-publishing-and-settings-modification).
+
+
By default npm will publish to the public registry. This can be overridden by specifying a different default registry or using a [`scope`](/cli/v10/using-npm/scope) in the name, combined with a scope-configured registry (see [`package.json`](/cli/v10/configuring-npm/package-json)).
diff --git a/content/cli/v11/commands/npm-publish.mdx b/content/cli/v11/commands/npm-publish.mdx
index a2a6fb98dc3..c64965d1448 100644
--- a/content/cli/v11/commands/npm-publish.mdx
+++ b/content/cli/v11/commands/npm-publish.mdx
@@ -49,11 +49,15 @@ Publishes a package to the registry so that it can be installed by name.
Publish the package in the current directory:
+
+
**Important:** Publishing to npm requires either:
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
-For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+For more information, see the npm documentation on [requiring 2FA for package publishing](/requiring-2fa-for-package-publishing-and-settings-modification).
+
+
```bash
npm publish
diff --git a/content/cli/v6/commands/npm-publish.mdx b/content/cli/v6/commands/npm-publish.mdx
index 56b028a4a3b..711cd905457 100644
--- a/content/cli/v6/commands/npm-publish.mdx
+++ b/content/cli/v6/commands/npm-publish.mdx
@@ -32,11 +32,15 @@ Sets tag 'latest' if no --tag specified
Publishes a package to the registry so that it can be installed by name. All files in the package directory are included if no local `.gitignore` or `.npmignore` file exists. If both files exist and a file is ignored by `.gitignore` but not by `.npmignore` then it will be included. See [`developers`](/cli/v6/using-npm/developers) for full details on what's included in the published package, as well as details on how the package is built.
+
+
**Important:** Publishing to npm requires either:
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
-For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+For more information, see the npm documentation on [requiring 2FA for package publishing](/requiring-2fa-for-package-publishing-and-settings-modification).
+
+
By default npm will publish to the public registry. This can be overridden by specifying a different default registry or using a [`scope`](/cli/v6/using-npm/scope) in the name (see [`package.json`](/cli/v6/configuring-npm/package-json)).
diff --git a/content/cli/v7/commands/npm-publish.mdx b/content/cli/v7/commands/npm-publish.mdx
index 3d98d28aa20..a5723d8de60 100644
--- a/content/cli/v7/commands/npm-publish.mdx
+++ b/content/cli/v7/commands/npm-publish.mdx
@@ -32,11 +32,15 @@ Sets tag 'latest' if no --tag specified
Publishes a package to the registry so that it can be installed by name.
+
+
**Important:** Publishing to npm requires either:
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
-For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+For more information, see the npm documentation on [requiring 2FA for package publishing](/requiring-2fa-for-package-publishing-and-settings-modification).
+
+
By default npm will publish to the public registry. This can be overridden by specifying a different default registry or using a [`scope`](/cli/v7/using-npm/scope) in the name (see [`package.json`](/cli/v7/configuring-npm/package-json)).
diff --git a/content/cli/v8/commands/npm-publish.mdx b/content/cli/v8/commands/npm-publish.mdx
index 3f213e37a17..ef0d6eaaca4 100644
--- a/content/cli/v8/commands/npm-publish.mdx
+++ b/content/cli/v8/commands/npm-publish.mdx
@@ -29,11 +29,15 @@ npm publish
Publishes a package to the registry so that it can be installed by name.
+
+
**Important:** Publishing to npm requires either:
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
-For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+For more information, see the npm documentation on [requiring 2FA for package publishing](/requiring-2fa-for-package-publishing-and-settings-modification).
+
+
By default npm will publish to the public registry. This can be overridden by specifying a different default registry or using a [`scope`](/cli/v8/using-npm/scope) in the name, combined with a scope-configured registry (see [`package.json`](/cli/v8/configuring-npm/package-json)).
diff --git a/content/cli/v9/commands/npm-publish.mdx b/content/cli/v9/commands/npm-publish.mdx
index f819e07325b..d6c88d1ff06 100644
--- a/content/cli/v9/commands/npm-publish.mdx
+++ b/content/cli/v9/commands/npm-publish.mdx
@@ -29,11 +29,15 @@ npm publish
Publishes a package to the registry so that it can be installed by name.
+
+
**Important:** Publishing to npm requires either:
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
-For more information, see the npm documentation on [requiring 2FA for package publishing](https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification).
+For more information, see the npm documentation on [requiring 2FA for package publishing](/requiring-2fa-for-package-publishing-and-settings-modification).
+
+
By default npm will publish to the public registry. This can be overridden by specifying a different default registry or using a [`scope`](/cli/v9/using-npm/scope) in the name, combined with a scope-configured registry (see [`package.json`](/cli/v9/configuring-npm/package-json)).
From 26b353d85ccd986ae64d9dd7abea0d0e44578aa3 Mon Sep 17 00:00:00 2001
From: shmam
Date: Wed, 3 Dec 2025 10:53:34 -0500
Subject: [PATCH 17/23] npm run format
---
content/cli/v10/commands/npm-publish.mdx | 1 +
content/cli/v11/commands/npm-publish.mdx | 1 +
content/cli/v6/commands/npm-publish.mdx | 1 +
content/cli/v7/commands/npm-publish.mdx | 1 +
content/cli/v8/commands/npm-publish.mdx | 1 +
content/cli/v9/commands/npm-publish.mdx | 1 +
.../about-two-factor-authentication.mdx | 1 +
.../configuring-two-factor-authentication.mdx | 1 +
.../creating-and-publishing-private-packages.mdx | 1 +
.../creating-and-publishing-scoped-public-packages.mdx | 1 +
.../creating-and-publishing-unscoped-public-packages.mdx | 1 +
.../creating-node-js-modules.mdx | 5 ++---
...-2fa-for-package-publishing-and-settings-modification.mdx | 5 ++---
13 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/content/cli/v10/commands/npm-publish.mdx b/content/cli/v10/commands/npm-publish.mdx
index 98d743a753c..3161f847a1e 100644
--- a/content/cli/v10/commands/npm-publish.mdx
+++ b/content/cli/v10/commands/npm-publish.mdx
@@ -32,6 +32,7 @@ Publishes a package to the registry so that it can be installed by name.
**Important:** Publishing to npm requires either:
+
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
diff --git a/content/cli/v11/commands/npm-publish.mdx b/content/cli/v11/commands/npm-publish.mdx
index c64965d1448..cdefd39aed2 100644
--- a/content/cli/v11/commands/npm-publish.mdx
+++ b/content/cli/v11/commands/npm-publish.mdx
@@ -52,6 +52,7 @@ Publish the package in the current directory:
**Important:** Publishing to npm requires either:
+
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
diff --git a/content/cli/v6/commands/npm-publish.mdx b/content/cli/v6/commands/npm-publish.mdx
index 711cd905457..06fe8be0a79 100644
--- a/content/cli/v6/commands/npm-publish.mdx
+++ b/content/cli/v6/commands/npm-publish.mdx
@@ -35,6 +35,7 @@ Publishes a package to the registry so that it can be installed by name. All fil
**Important:** Publishing to npm requires either:
+
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
diff --git a/content/cli/v7/commands/npm-publish.mdx b/content/cli/v7/commands/npm-publish.mdx
index a5723d8de60..cf38a893580 100644
--- a/content/cli/v7/commands/npm-publish.mdx
+++ b/content/cli/v7/commands/npm-publish.mdx
@@ -35,6 +35,7 @@ Publishes a package to the registry so that it can be installed by name.
**Important:** Publishing to npm requires either:
+
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
diff --git a/content/cli/v8/commands/npm-publish.mdx b/content/cli/v8/commands/npm-publish.mdx
index ef0d6eaaca4..c503b4e4c3a 100644
--- a/content/cli/v8/commands/npm-publish.mdx
+++ b/content/cli/v8/commands/npm-publish.mdx
@@ -32,6 +32,7 @@ Publishes a package to the registry so that it can be installed by name.
**Important:** Publishing to npm requires either:
+
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
diff --git a/content/cli/v9/commands/npm-publish.mdx b/content/cli/v9/commands/npm-publish.mdx
index d6c88d1ff06..0304f57d8c8 100644
--- a/content/cli/v9/commands/npm-publish.mdx
+++ b/content/cli/v9/commands/npm-publish.mdx
@@ -32,6 +32,7 @@ Publishes a package to the registry so that it can be installed by name.
**Important:** Publishing to npm requires either:
+
- Two-factor authentication (2FA) enabled on your account, OR
- A granular access token with bypass 2FA enabled (for CI/CD workflows)
diff --git a/content/getting-started/setting-up-your-npm-user-account/about-two-factor-authentication.mdx b/content/getting-started/setting-up-your-npm-user-account/about-two-factor-authentication.mdx
index d6d302e084e..5f0d961bdee 100644
--- a/content/getting-started/setting-up-your-npm-user-account/about-two-factor-authentication.mdx
+++ b/content/getting-started/setting-up-your-npm-user-account/about-two-factor-authentication.mdx
@@ -23,6 +23,7 @@ When you enable 2FA, you will be prompted for a second form of authentication be
**Important:** Publishing packages to npm now requires either:
+
- Two-factor authentication (2FA) enabled on your account, OR
- A [granular access token with bypass 2FA enabled][granular-tokens] (for CI/CD workflows)
diff --git a/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx b/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx
index 4ab400b7c35..2ae75d5abc5 100644
--- a/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx
+++ b/content/getting-started/setting-up-your-npm-user-account/configuring-two-factor-authentication.mdx
@@ -9,6 +9,7 @@ You can enable two-factor authentication (2FA) on your npm user account to prote
**Important:** Publishing packages to npm now requires either:
+
- Two-factor authentication (2FA) enabled on your account, OR
- A [granular access token with bypass 2FA enabled][creating-token] (for CI/CD workflows)
diff --git a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-private-packages.mdx b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-private-packages.mdx
index 8f5070ba3ff..e2204f8d457 100644
--- a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-private-packages.mdx
+++ b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-private-packages.mdx
@@ -84,6 +84,7 @@ By default, scoped packages are published with private visibility.
**Important:** Before you can publish, you must have either:
+
- [Two-factor authentication (2FA)][config-2fa] enabled on your account, OR
- A [granular access token with bypass 2FA enabled][creating-token] (required for CI/CD workflows)
diff --git a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-scoped-public-packages.mdx b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-scoped-public-packages.mdx
index 1be8350c88d..f0561f3ca15 100644
--- a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-scoped-public-packages.mdx
+++ b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-scoped-public-packages.mdx
@@ -80,6 +80,7 @@ By default, scoped packages are published with private visibility. To publish a
**Important:** Before you can publish, you must have either:
+
- [Two-factor authentication (2FA)][config-2fa] enabled on your account, OR
- A [granular access token with bypass 2FA enabled][creating-token] (required for CI/CD workflows)
diff --git a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-unscoped-public-packages.mdx b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-unscoped-public-packages.mdx
index 6eec443de89..ba4eecfb9ef 100644
--- a/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-unscoped-public-packages.mdx
+++ b/content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-unscoped-public-packages.mdx
@@ -61,6 +61,7 @@ npm install path/to/my-package
**Important:** Before you can publish, you must have either:
+
- [Two-factor authentication (2FA)][config-2fa] enabled on your account, OR
- A [granular access token with bypass 2FA enabled][creating-token] (required for CI/CD workflows)
diff --git a/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx b/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx
index ab2a1aecb4f..43fe3ed73aa 100644
--- a/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx
+++ b/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx
@@ -38,11 +38,10 @@ exports.printMsg = function() {
1. Publish your package to npm:
-
+
**Important:** Before you can publish, you must have either [two-factor authentication (2FA)][config-2fa] enabled on your account, or a [granular access token with bypass 2FA enabled][creating-token] for CI/CD workflows.
-
-
+
- For [private packages][priv-pkg-pub] and [unscoped packages][unscoped-pkg-pub], use `npm publish`.
- For [scoped public packages][scoped-pkg-pub], use `npm publish --access public`
diff --git a/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx b/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
index f8727e734a4..6f082fb036e 100644
--- a/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
+++ b/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
@@ -36,11 +36,10 @@ For CI/CD workflows, consider using [trusted publishing](/trusted-publishers), w
4. Under "Publishing access", select the requirements to publish a package.
-
+
**Note:** All packages now require either two-factor authentication or a granular access token with bypass 2FA enabled to publish. This is the default setting for all new packages.
-
-
+
1. **Require two-factor authentication or granular access tokens** (Default)
With this option, maintainers must have two-factor authentication enabled for their account. If they publish a package interactively, using the `npm publish` command, they will be required to enter 2FA credentials when they perform the publish. However, maintainers may also create a [granular access token with bypass 2FA enabled][creating-granular-access-token] and use that to publish. A second factor is _not_ required when using these specific token types, making them useful for continuous integration and continuous deployment workflows.
From 8cd73eae3d13cbda2c92afbdd899b37f4a5eec70 Mon Sep 17 00:00:00 2001
From: shmam
Date: Wed, 3 Dec 2025 10:58:16 -0500
Subject: [PATCH 18/23] format again?
---
.../creating-node-js-modules.mdx | 5 +++--
...-for-package-publishing-and-settings-modification.mdx | 9 ++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx b/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx
index 43fe3ed73aa..427e2468519 100644
--- a/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx
+++ b/content/packages-and-modules/contributing-packages-to-the-registry/creating-node-js-modules.mdx
@@ -42,8 +42,9 @@ exports.printMsg = function() {
**Important:** Before you can publish, you must have either [two-factor authentication (2FA)][config-2fa] enabled on your account, or a [granular access token with bypass 2FA enabled][creating-token] for CI/CD workflows.
- - For [private packages][priv-pkg-pub] and [unscoped packages][unscoped-pkg-pub], use `npm publish`.
- - For [scoped public packages][scoped-pkg-pub], use `npm publish --access public`
+
+- For [private packages][priv-pkg-pub] and [unscoped packages][unscoped-pkg-pub], use `npm publish`.
+- For [scoped public packages][scoped-pkg-pub], use `npm publish --access public`
2. On the command line, create a new test directory outside of your project directory.
diff --git a/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx b/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
index 6f082fb036e..e9630961feb 100644
--- a/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
+++ b/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
@@ -40,15 +40,14 @@ For CI/CD workflows, consider using [trusted publishing](/trusted-publishers), w
**Note:** All packages now require either two-factor authentication or a granular access token with bypass 2FA enabled to publish. This is the default setting for all new packages.
- 1. **Require two-factor authentication or granular access tokens** (Default)
- With this option, maintainers must have two-factor authentication enabled for their account. If they publish a package interactively, using the `npm publish` command, they will be required to enter 2FA credentials when they perform the publish. However, maintainers may also create a [granular access token with bypass 2FA enabled][creating-granular-access-token] and use that to publish. A second factor is _not_ required when using these specific token types, making them useful for continuous integration and continuous deployment workflows.
- 2. **Require two-factor authentication and disallow tokens**
- With this option, a maintainer must have two-factor authentication enabled for their account, and they must publish interactively. Maintainers will be required to enter 2FA credentials when they perform the publish. Granular access tokens cannot be used to publish packages, regardless of their bypass 2FA setting.
+5. **Require two-factor authentication or granular access tokens** (Default)
+ With this option, maintainers must have two-factor authentication enabled for their account. If they publish a package interactively, using the `npm publish` command, they will be required to enter 2FA credentials when they perform the publish. However, maintainers may also create a [granular access token with bypass 2FA enabled][creating-granular-access-token] and use that to publish. A second factor is _not_ required when using these specific token types, making them useful for continuous integration and continuous deployment workflows. 2. **Require two-factor authentication and disallow tokens**
+ With this option, a maintainer must have two-factor authentication enabled for their account, and they must publish interactively. Maintainers will be required to enter 2FA credentials when they perform the publish. Granular access tokens cannot be used to publish packages, regardless of their bypass 2FA setting.
-5. Click **Update Package Settings**.
+6. Click **Update Package Settings**.
[config-2fa]: configuring-two-factor-authentication
[creating-granular-access-token]: creating-and-viewing-access-tokens#creating-granular-access-tokens-on-the-website
From 74b0bfb4b7f5e751adf37f3e8c517be28805bd60 Mon Sep 17 00:00:00 2001
From: shmam
Date: Wed, 3 Dec 2025 11:23:33 -0500
Subject: [PATCH 19/23] removing some notes that did not make sense
---
content/cli/v10/commands/npm-publish.mdx | 2 --
content/cli/v11/commands/npm-publish.mdx | 2 --
content/cli/v7/commands/npm-publish.mdx | 2 --
content/cli/v8/commands/npm-publish.mdx | 2 --
content/cli/v9/commands/npm-publish.mdx | 2 --
.../creating-and-viewing-access-tokens.mdx | 1 -
6 files changed, 11 deletions(-)
diff --git a/content/cli/v10/commands/npm-publish.mdx b/content/cli/v10/commands/npm-publish.mdx
index 3161f847a1e..7c5813dc37b 100644
--- a/content/cli/v10/commands/npm-publish.mdx
+++ b/content/cli/v10/commands/npm-publish.mdx
@@ -122,8 +122,6 @@ This is a one-time password from a two-factor authenticator. It's needed when pu
If not set, and a registry response fails with a challenge for a one-time password, npm will prompt on the command line for one.
-**Note:** As an alternative to using 2FA with OTP, you can publish using a granular access token with bypass 2FA enabled. This is commonly used in CI/CD workflows where interactive authentication is not possible.
-
#### `workspace`
- Default:
diff --git a/content/cli/v11/commands/npm-publish.mdx b/content/cli/v11/commands/npm-publish.mdx
index cdefd39aed2..39e447b743d 100644
--- a/content/cli/v11/commands/npm-publish.mdx
+++ b/content/cli/v11/commands/npm-publish.mdx
@@ -166,8 +166,6 @@ This is a one-time password from a two-factor authenticator. It's needed when pu
If not set, and a registry response fails with a challenge for a one-time password, npm will prompt on the command line for one.
-**Note:** As an alternative to using 2FA with OTP, you can publish using a granular access token with bypass 2FA enabled. This is commonly used in CI/CD workflows where interactive authentication is not possible.
-
#### `workspace`
- Default:
diff --git a/content/cli/v7/commands/npm-publish.mdx b/content/cli/v7/commands/npm-publish.mdx
index cf38a893580..9ceb3eaa02c 100644
--- a/content/cli/v7/commands/npm-publish.mdx
+++ b/content/cli/v7/commands/npm-publish.mdx
@@ -127,8 +127,6 @@ This is a one-time password from a two-factor authenticator. It's needed when pu
If not set, and a registry response fails with a challenge for a one-time password, npm will prompt on the command line for one.
-**Note:** As an alternative to using 2FA with OTP, you can publish using a granular access token with bypass 2FA enabled. This is commonly used in CI/CD workflows where interactive authentication is not possible.
-
#### `workspace`
- Default:
diff --git a/content/cli/v8/commands/npm-publish.mdx b/content/cli/v8/commands/npm-publish.mdx
index c503b4e4c3a..2618811049e 100644
--- a/content/cli/v8/commands/npm-publish.mdx
+++ b/content/cli/v8/commands/npm-publish.mdx
@@ -118,8 +118,6 @@ This is a one-time password from a two-factor authenticator. It's needed when pu
If not set, and a registry response fails with a challenge for a one-time password, npm will prompt on the command line for one.
-**Note:** As an alternative to using 2FA with OTP, you can publish using a granular access token with bypass 2FA enabled. This is commonly used in CI/CD workflows where interactive authentication is not possible.
-
#### `workspace`
- Default:
diff --git a/content/cli/v9/commands/npm-publish.mdx b/content/cli/v9/commands/npm-publish.mdx
index 0304f57d8c8..33065d4c59f 100644
--- a/content/cli/v9/commands/npm-publish.mdx
+++ b/content/cli/v9/commands/npm-publish.mdx
@@ -120,8 +120,6 @@ This is a one-time password from a two-factor authenticator. It's needed when pu
If not set, and a registry response fails with a challenge for a one-time password, npm will prompt on the command line for one.
-**Note:** As an alternative to using 2FA with OTP, you can publish using a granular access token with bypass 2FA enabled. This is commonly used in CI/CD workflows where interactive authentication is not possible.
-
#### `workspace`
- Default:
diff --git a/content/integrations/integrating-npm-with-external-services/creating-and-viewing-access-tokens.mdx b/content/integrations/integrating-npm-with-external-services/creating-and-viewing-access-tokens.mdx
index 09a04b91a9c..d0475c2e021 100644
--- a/content/integrations/integrating-npm-with-external-services/creating-and-viewing-access-tokens.mdx
+++ b/content/integrations/integrating-npm-with-external-services/creating-and-viewing-access-tokens.mdx
@@ -25,7 +25,6 @@ You can [create](#creating-access-tokens) and [view](#viewing-access-tokens) acc
5. (Optional) Check the **Bypass two-factor authentication** checkbox if you want this token to bypass 2FA requirements for write actions.
- This setting is unchecked (false) by default
- By checking this box, the token will bypass 2FA for write actions even if 2FA is enabled at the account or package level
- - **Note:** For publishing packages, you must have either 2FA enabled on your account OR use a token with bypass 2FA enabled.
6. (Optional) In the **Allowed IP Ranges** field, enter IP address ranges to restrict your access token to. You must use [CIDR][cidr-wiki] notation to enter IP address ranges. To add more than one allowed IP range, click **Add IP Range** and enter an IP range in the new text field.
From 0af60a79dc060abd187f580dd15fc09b4e5e0314 Mon Sep 17 00:00:00 2001
From: shmam
Date: Mon, 8 Dec 2025 12:13:00 -0500
Subject: [PATCH 20/23] cleaning up the most important page
---
...e-publishing-and-settings-modification.mdx | 15 ++++++++-------
.../2fa-package-setting.png | Bin 17117 -> 64379 bytes
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx b/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
index e9630961feb..e2320e399b0 100644
--- a/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
+++ b/content/packages-and-modules/securing-your-code/requiring-2fa-for-package-publishing-and-settings-modification.mdx
@@ -4,9 +4,9 @@ title: Requiring 2FA for package publishing and settings modification
import shared from '~/shared.js'
-All packages now require two-factor authentication (2FA) for creating and publishing packages. For more information, see "[Configuring two-factor authentication][config-2fa]".
+All packages now require two-factor authentication (2FA) or a [granular access tokens with bypass 2FA enabled][creating-granular-access-token] for creating and publishing packages.
-You may also choose to publish with [granular access tokens with bypass 2FA enabled][creating-granular-access-token]. This lets you configure tokens in a CI/CD workflow, but requires two-factor authentication from interactive publishes.
+Modifying a package's settings also requires two-factor authentication (2FA).
For CI/CD workflows, consider using [trusted publishing](/trusted-publishers), which provides secure, token-free publishing that automatically enforces strong authentication without requiring manual token management.
@@ -21,7 +21,7 @@ For CI/CD workflows, consider using [trusted publishing](/trusted-publishers), w
-## Configuring two-factor authentication
+## Configuring two-factor authentication package settings
1. <>{shared['user-login'].text}
@@ -41,13 +41,14 @@ For CI/CD workflows, consider using [trusted publishing](/trusted-publishers), w
-5. **Require two-factor authentication or granular access tokens** (Default)
- With this option, maintainers must have two-factor authentication enabled for their account. If they publish a package interactively, using the `npm publish` command, they will be required to enter 2FA credentials when they perform the publish. However, maintainers may also create a [granular access token with bypass 2FA enabled][creating-granular-access-token] and use that to publish. A second factor is _not_ required when using these specific token types, making them useful for continuous integration and continuous deployment workflows. 2. **Require two-factor authentication and disallow tokens**
- With this option, a maintainer must have two-factor authentication enabled for their account, and they must publish interactively. Maintainers will be required to enter 2FA credentials when they perform the publish. Granular access tokens cannot be used to publish packages, regardless of their bypass 2FA setting.
+ 1. **Require two-factor authentication or a granular access token with bypass 2fa enabled** (Default)
+ This is the default option for all new packages. With this option, maintainers must have two-factor authentication enabled for their account. If they publish a package interactively, using the `npm publish` command, they will be required to respond to a 2FA prompt when they perform the publish. However, maintainers may also create a [granular access token with bypass 2FA enabled][creating-granular-access-token] and use that for a non-interactive publish.
+ 2. **Require two-factor authentication and disallow tokens** (Recommended)
+ With this option, a maintainer must have two-factor authentication enabled for their account, and they must publish interactively. Maintainers will be required to respond to a 2FA prompt when they perform the publish. Granular access tokens cannot be used to publish packages, regardless of their bypass 2FA setting.
-6. Click **Update Package Settings**.
+5 . Click **Update Package Settings**.
[config-2fa]: configuring-two-factor-authentication
[creating-granular-access-token]: creating-and-viewing-access-tokens#creating-granular-access-tokens-on-the-website
diff --git a/static/packages-and-modules/securing-your-code/2fa-package-setting.png b/static/packages-and-modules/securing-your-code/2fa-package-setting.png
index 72652569315f985ed6ee2fc92e884181e5f12443..67c12d6f299c15c0e94876c608ee1c89165a78ff 100644
GIT binary patch
literal 64379
zcmeFZc{r5q|2K{(Ym~i&lqh@lZ74~yMp;J4zVEUxAtYO+EMW$P%FfvLohHVKIb;hO6@&+9su_xWC4@7H;SsjDhbkX|Ci!^5Lcd~i<#
z5AUo$9v*%;@mX-@tWW3?_+nxuC#P;Bry%EG>)@>EXk=n`&&tKo*2q&`5D$;@t?!!x
zrABqCmRha!l;>1en3!&d$-RF^S|Ns@z2`*yr2gmonvAb+S`^-~5s97#1fB+vcG}a0
zN=S$ir^PJH&widvoAcxg`^@GQJ>%!IRyiZaDsJy+zjx+~WR2d_?_7!LJnTCWgw?F%
z^BYOIc@Ix=WoC{c+Y_ot-P+UB$okid0^i{88C&#O9(-v!grV5isH4jfG)_u|w3}hG
z&TW_gi)tO#nj2a=9bc$wsj}vn$A3;$j6dr>?|g(wNDGhk=C7++|Z`nBFn~;um{AWJs$c1RcxJRwJ(~qk~76)-WOTG58>{aoH
z^Nu1495$^ZeNz0l37;01PhAS=Q%K0x3K-OURz?^xp^hri?y#QPU6kTq=WH6i{zihZ
zg6AqE>g58n=GGaQ71G}lv5|Cz{9scGqVQ1$C~LVnyaYb-2%tN
zctrRY@y>uFeDI5he+iH1*D)U6L;TDC_gDj;^RF@lczB^!c!YnIfr9_IpEuwGYX9~B
z%)1c0bKu)W@Oha+@ZZvB{Zr2T_ZUAMT*JGgDW|9i{%e{zo0-|WSUR|VTJ3lWPLMc0
z&~?GXqhrT?@D(+#ujAnn3|l?can(^#mN0R!<25pMFgD}$uye%S2T#gF0vy_zxf-#0
z*xA~Pe5E;oR9xD-|gExpahSLr@gC@2amnWwg24Y
zzxTOk=3?S(<>+eVV9$!XuaU9Cb606LHr#{$@6UhQY35<|KTooE`Kw!?gM7Fvd;+}u
zeE(F<)yn)g)o@q-Q|(v3{_{8~+|4A^tvt+Zb?#Z&fuROXg9wO-^Gp4D&j07q|FrZ!
zRiC(+Im_CcmJ_-=F!nOMk11>x6`cnTvz%bKD?4
zvA1%C+?L||r_=wtmhS&lg9r!-{Z;AjXa9E%oqw$H_p|@IhMKb#7ziU=(;xzWJ>l=?
z{wgoUhnxJr3B!LR?blf#Y7kN>zW*z>5K`?QRxk1JWbqX5-FfVRzdTNY_0c@u->}hs
zwLI+p&@{6!({%}uIpVMewWs)ahJ^${he7?bJ*;FP3i5cHGc!lV8UsF
zr2D)e^7zNzR{54hbSp+s(0z4m&a>17b(G}7k*K4TpomXIqb~cqKPeXpVziBUo|62j
zkZb_!v-Q?1cYb#h+}*#tc~K81wNuuX|5GXc{TWEg3j$Kk-~D;~pl(tvSR^AW?N6l`
zuud$$?-OXwt?SR$Gw)vRee&qHJqH)aPs%8N+Y;Ob+Kc@AnyHbC-~L$YtpC`#KMb*K
z04WIr_G?#*>ytl~!Vi*JJ@fm4;Y^VYCL}+3Y-v()>rbU#)U)jUX$I6&?h>5!zl9Lc
zr~T8E*G)zr{b>d`)vtmE(~iXFzW&2(assjO{nHHmD>lC$oqxsV_siv9ZS&hT{;$~l
z|3_^2&4LG-pIBX6UoJwK^VRGdH!_5C7d{XfHjNP`U)pWdbEy6xy+0X5A(QAipHQT0
zo{(;&b2#-u+n^ohy;^R2a)41g7kA=^7!c=ONEx`+iPHYPQkS^Ezuz0CLDW({{hF)L
zCbvApNJUj@qsjL5%?wM1ft65gLto*efzq1(^&$$9A=aY>1(^|kZa=XVL~kKziLm!p
zhiH+mMY8ayS)6`hFuj48pZ?D!%N#*6@wOdK+UBsEzqRTHb@phlp(aF%=iy?e-ib;)
z|5fjqNKvnN=VJfOg-_AuqT{Zb#Mt}{#7X&bA+lxsp|+WH%atm!?B5xouD36E{3VR7
znHIs=b*`4pM70EztGQ<0-?Jz}LA*s;nOsa=I>jwYKxfT+)nt6_e@q?h51B*@=h$}V
zXS{70dXZ+vdr72)ZnXKgP6ES4e7%#1o)DOrlkqNg3uUo~_V-_~k9^Txe~u+7+5hBV
zCzkJ%(2{`U@LZfBB+>fY*GsVuAD(Dg?MpF39)m6f6(hg=whPsu3l*YE2lS^0DE~qw
zzG@-wpI)N2x=|Q=Y}@|jwXe691SU#@ka@rD12=HAhCeS|MNAHZwvqZPP%Zq-
z%IoB<*`E$s%d6fUu|3`yL|MukYy95Q;S+toxSk+mrdSf+DLJtbW!tMF+5y2%QHn-v
zjM(IvxlednH0Iy&PifYGR3HA#I=EvpFUa%7z;o^cEY6~^{RZ;&K*H+&5Od7!55?qC
zHb3E~SWMkusGa6+O=AUi$?(+LT6}QD%?pTJA#N1LPqK}C{0s*m4UiudJ25(R1IW+6
z=^+it&}QZXGn$Z`f|g6eK=23n=P+>pnkhk|g-p1gS7ZKO6-IjaR#tWoSSt%|*nLTZ
z%#YUJBAyX1M*Cw;i0>V*IQS!VG8QuudG($J5ET;9Kjqi6NPb>eTD@XtRONU2=$Y?)
zf`y3kyziQ~VF`84xm``-5u?6j*Kz=;Q
z=s$8z=1`7*qYp-6c%>B09LTQo<2I7p=p)PVfg$Jy8pi(ZI|7g?T))ammD0IBtYeB|W7Bk|sjVN>B^}?gaxazm_EN^+bDs<7mjM&Zh*VsX)EKJ?=PA)C0W(|bJ5N`i
z;JsEYiWvE{bU#r2I`n4&HxmlUQ~K11UmzkLJ5w6>)LC&CBXcV5y*q3nNZ{M6EU4m}
zoNp{+AE%SKlv~MLxig^GC`7z|p)Cn$xxjOyn`c<|WyNwwRa)2n*)}{A1Fki>rKIM%
zasVGutpF{NzkSWY{Qh$fcB)?9{oaoK#g`;6u`?{EZJlB>5$dntehT~nfet6cQOo5R
z*syI;M{HD2uQzG_7E*HShamk~e@-8cI%gpIqQ&o0CXZ^4R>}NpkH*&uf$kO`1?3A9
z%s+lzah_6RD{}<>u*j=D@$&VV-y3s51T5v$B#jNM%A
zjK|Dcl;kRL@37y|iku_2%mk2%H^-CbWZIbh_NTDgsn2^2Pd4KsWC-3IEf=W~dk9DF
z*WxeN)*klfeS}gJ)KEh9pY4Crdl2Z#a=PDIbbx`^T4`kOMf+`k%CJ*@vlhkyBlcfb
zi!<=DDru(EGv&(8zuPOs^cx$}$lf)!Ht3jhS~n0Ics#^*trIb-bz#HZtV$!rZy`0b
zgu5wvi?z(L>4JhOqKeV9Vj(U3F21z=%0)EVwO1vzu6EqRM_~zuYs;{j|6y-Po!W`J
z>&El%H#3E3hcK;6b6dbnT$xuR%M)6UfopLfWs!;3qNNINa=w9U>B33kuRQO2bZu48
z$&aum3M{RXfe0nCFO8HkRs8GJnY4!DA-NSlzjgI+g6UWmY-RSgHJapzqBb1P%PX6H
zyHqJWO4#-JW1Oj^%v;2Ht!V2kdK?r!Lu4M
zTb+`8qwZ+mnT1b>54DXEyo%K0cHKl1Y~kD&NgHk^W!5D%xl1nR%Sm`md6V|^YKcWO
zc?n9f#DA)T**8MAQz>axvjzj`4Sk$?)x34j?q*V}ilrKr11TC3-7~tiggsA#1-HQIH`NEb1K>-3wemoz1K7k=dG|D
ziq>@qG@+DQmp!hk6B>%^y;n!k7_Y-JkW6QaAZ-d}rOugpfOu`peB+-@DuX?Uch8KR
z#2NZ|_9j*E_&9u&B{{>%Iboh?*H9!kJ-hHTlJ2&Z;OAUrTYmr1BbgJ+B0aq^60x!LnA#zeJ$*&eE
zoAp7c?QYj3nc@E3YO+E`izIY;|0&*$Vn+$bdW(KuC`!R%xgVfjyfV7GBIImf)`5?paI;s6{^uq9{}m8UDPO
zx`X7a^;!7#dbPXf9{!dEWGlh7>q`~NT|gl#Jk8>~KvIgjXc)mERxpBd7VV7WY20!$
zMp9)cE`98NV8$&6;mrT}ElY$@eA?NeY$_x*5wV{jtDaZSlCcq{=EFuP4U92NtUW|K
zP;Pm!bi&KVS8P13yO87bGAu_f&ezIVkI7>)KxL)}8fG#5`A+@5WK^C{mIUmK{0j~W
zWdTUNYK7zvN{dSBZDnc{s{NebJ`C^D1j3T7Kv_zGlj3A{&j@;)jp%u3gxzMj1DD<%
zx_0HUzgh}c$wJtft@>*r)ZEwNt$yb&rM*C5!!G((^$-L#p!XH(_rP4mcANEH4Q0Am
zp^Q|6X;H^)CdhE3S}r?`(d>sI74JN+A^SGe0cEm47;N#}TgVL$T)%xWAUI9-V*QJ~
zn!Rd@qLiglRoGz9`ls`d_XXq#2F2c|E*&5IvTNafhl@pw=JBZ~3D54<$Ui(ro}cIv
zeg=6JbE^A@EEc=DnRwa0EcIr*99gPcFY27#5Tta>S*ekYiu`JP9E)hwW1%E11FL6Y
zJEpo&_COh{=>sLJ*ZND%MuY)YwEZgIS7o2SX6`n3)9;Y27V3G8~K+#nR;lY>XjYnK
zW+8ll&l`6eCar0H%Y+g5nC?Od<=6UeXn8nLKNK~6+*Bp9(R<7Ego~Cu9~^cX5aEF`
z?&Ht38*NEKdM@Q8-Xr6jPtFh?(D`(A@`K;tPhUUX&44=W+9rMzqM2caSKV9d!Z>Y)
z{?>-=wJ7gc2Vl}sYK4n}N8)!lE8c{M@owJ$ep(LDkdRT1wEb`Y>}{$5Xzt^K`wnJYNdLgN?kiNVOALlAJ1yMLVx?9*xM$3UdO(Ct}vJm%IOX4-cQYxVp7!o^2tE5
zhN5SjSo^`dpHCWjC#qKL9BeL0qLX!ciP`W_b}tbDsw=0xBcUZab5kF0{)!;Gye6WLfpy}R=C=20kl`E)g#w_#V4>v@es{!6?m#nKRzMQMSA|Wji#{xB1I_7&$T$t)0=CEsC0?%@}Q*zB#M?X-&wY!;xXhCY}r52spXSd*WGv(SCE7uD0aK0Lk-6QmA
z4McH*TDh&1Q~VUWwKTIHVllBjIzHJUicZpZ?Uqj^df3=B>htQ(J2BGHx3Q*H-%B$T
zYi)KQEC{12`^?6|t_p6IXvm>ui(zKiB)R`ro`B1Np0y`Cd6#blHT&+3)1P>#Qq@nU
zVemJuRdkKounfTaOFhjD&(
zSX^U~mPd-D|BL|bbM{y|`{;Rz?v=4j$j;Yg;75Pwt;KFGgBaZMT#?6{X}cCpUe6Cz>Apx*iI5Z|P(ny8aU_F~iXumM8Zl&m
zX!;1g;9`Yql9(iyY3<-Vd41GQPqhJK@6C_*r|y^?8;WQDrsMy5TQOYK4#OoV?zfO9s|02N?i6}fPwG}rxd1~@5$KNoNSU3pTk~w
zXO!6VD{gxZXkORF&zu4$yp_urD;T*BYhsLC%j4WkS{&v9LejOvz@t4~6mfFA<{!;~
zy()XBONfGh9-i3Sew(&f)kH#yE3@}8f*Vnm`us`e*DsYd`+6{zCiEFfDXI#e%A?iF
z%N0&0QWb&MUNwr`dWfK6%Lm>)>ZOxI#bQQ=#gz+K@tdsVg&G;YtfQ!u^f1quKjqx{FJ5Sr(o
z#EcqVs``!atNQ5@$6oN@7QCQ59j#@HAWU0oK+sZ-FXj|=O4z}5?`3_nD;d7=Nl6^)
zr|+}TOmT-bP;SuB-#1=00lA9!O_=0Eq712_D;-f%nq)%Zv5X778jUCWlv4d0@3jnv!cVp{ckIWBmzRNCaTTwn
z=#7^C^M2b=yV8#Hkp0Q!L^RgiFn~p8!GMqAao4Tz)!jpqlI|gR
z&&o_5C@dC6iM<^m2B4H-qowOjF=#72e%2MYp{x7CKM=c9!0q}$c?+vd@98?Vm(J(=
z^=oChYUU#`qjR_ZF~pE%2QgqoK}Wnp`}+P&G(DYZuRa}R0838Oma#{a@<*+wPR-jh
zUurThmuiL8HHHGeI3tgQnOtdFS3q>a!^HQw6-nXuTUn-(D+tY!wVEUIQHNSzTu>XD
zq9%j?Q7p(uHb6^33X{PJtbmPtP+~~81{d729z?4SbLUF2%B3y`cwIn0za0lI8jru`
zw!EM2P@LcKk|BNM$VR@~5kIvqaEuaRs4W1oh$zEN@{`Zu>sGv1()7Eu=w74!j|fY^
z6czuzU`vS$WM3}M!0M_@xKipSh`r*+T~N}#JkqG|o*T{di5Yj?AIIst={7pTZ0;F7
zhjbGJJX8KSQmpl`)n@0Uodf=(W<8ki<+(A;8TAcO#E%EmNLkirIz2#>4CjB7vak@+
zgmg8E@Q$3~!oy_{>a1EmB8JYwuga@0f$>DWCSX9xocg#mkZ_n1-s|12r}X1LW|%l#
zwva*E19hG;g&-zyS*I42&XUwol{LaWm5xyG`Etd!f81V#Wd3
zK!Ln-M>zP0)OIp~NyTK^WI6iYl-L#&G(fIYTRA4Q2mO3dUnRx>I0S+)(RXTyTd7=P
z6=C6vAdb{588QwxbCrqZ8;hPnc%}0v(y0&%dca6fcT&Ske_=f-19O*iSUvK6A!5NQ
z5ZP{P<|hoQ{JbidWOsuWex?Np{Fk;}1q_EyAi
zs6a?)eCZdMgXAtU#aS<%`_Qv*WA)vJZNH|+lCBke>hCLPW!7`BQb>6-
zNBuj@Pe&#L@0H@K9u+9ak*N}IxoNyA)*S~_M6|Npx$TE?&Sxot7n1LT*_u3x&o`a8
zPGF6T;Kec+ECzHfI*3Cym~OyY-)G3v>0Uox_?@A@3ygq??I+C#KN=@{bBj1%-e8TP
z{Jx$<4|{S~Da4+dsDn@=o)Yz7D(^{J7Y;JE-+8_OjR-u5=S(`?i1ufK*=Y3Lx)!Cq
z?bR($Z-zK|6-Hn$HNrk%mS|UECHio#Mh|GW%L8GUE8Ul}IWJtlI>|p1A!v?`vU|67
zD`&xdk)J?{kO_yTA3mE`?E1>7BG@5xRb6viU&0o6jGdq_$;+>~avz)vtvjnvNyiSQ
z*9UUIc!%ZUsQ;k8I|Yy3CXW^Iy-n@+of1pglL7#i3C$zXvIn6BK#=O8m?AT@_`8>i@V(Wz8Xy7uU
zONo@^rOoj=-cTz98KNopbC=KQ@g9l}YMCnbC2Me{WRzEm+Wa$1H+1U7ne%NK0E>+M
zlv_Li4MraWGswp@VLy5QvfX<-V8R&dgH$gPodVBLz69VUZnwS6T2keI091Ie`;bbE
zmGdrFa#miA1mfF4GoN2~x5LZ>+i0L-Q<*1UHE!hrvD7DS%C0>*JjjFkO#pK(crp~5
ze7)j6vh-e>844GZ1g0h{2hrIeKDTp3Ne>i_pTJHjmXbqG
z&f938>)e-l_!k~>+u6P2HBI82tf$YP5bTG3UYwi3LU^Ik`0mm@X-k0i%;
zp(Ho4Noa^3x3pg#hYZ~1wh+a?I1ugo(dwBraJ@n;PJaLtGZ_Di7P7SwZD-jCR
zY$dOmO7U^rfJX5D_??%|sm>G7$z1p-=ee654Z|RTYcTy8ne4WQTscD1hh4A3V)
zv>$#;x=HZ@A>OxA75z`I$*=%jvDax7qUu|h-wfbwB)*g$mV2!H&w()TS^B8~8>QOr
z=cOl4Sx>V+p|SI#QwNecT8Ws(B}rhgLfc=F_E4aHlv-mnZDJLPlqHJQR)AgnvFt=<_xW+d8I
zG&nK+Hq)j~fosfARBkgBnG}fsekCuY0c<@Ce4x1M^#(FV9-j;VcG$KsTKu2`0io?`
zIi_=Awd40<;ETH@x+ORDpEcC4u_u39H!Fw8&HeU=GMwt3;7%XVO}Qz5C`BFvLI|Ug
zk=(356nbm`$WwEo1zf)!2p~m`xIv9CDOvgr2JuV$KF|YEJ5X6B{byhK*QD3+16mVf
zM$Ssb9}3CN0hZNcKkCZB--x
zjK<*v%BxHUduq}+Q~&GtssWcYiw9)gXY!zKtNwIc(gU*XvvAP0m5Px=g+3*F0Hc)p
zb$#96;tc9s5QOFao{_ikzM!q%*v^xGj52@Gkpdo)DT@@u-l`7CP5OhH;^e=F%UY#H
zu6+BG=Geh$4*$!QA%9Q`;7&kuSejIR`$Hl1|2I_)6ztWJp+D;C$A&<`?vxhT{7J#e
z;S}sEk&>)GDcF9Tf<3ldzVwF?sH4Iu*nfxV-(mV!n*LpM|Dc=d7Raz$@Y5eKpUw8=
zok2sE;{@?g0glOC7MH{(qW@$NpK%gpFnup}OIM<2b&+hQ(KN+TLyll>3B5nPjgn;5
z2rw{jdpD424?#2gZg&p@I^9IC>v@!-7lJDydrgcNxaO5A!`FN9tS$9Blvfb&|UbE6N
z@s;+5eihigmYeug^8t=`<#8qNR4hsy7N=tzwhWRFm-4b6m5rI0jr(mSqD?vAKF%%0
z@k0HNHO+8TniePfpK8yfW*x>(j_pkR$E#(f_IN;M8AomzJSM~jK4Ai^kKuEW^#GW~(|LrK0kQv3X&sLIgu_pbBpj+X?xT9W*Xz$Ux`I|m
zWmr`KKzCSGa^*eX@%at|=qNtfwMS89##Lexz^-j>fW@_(9%t~~4dlyg0d%*vojGG)
zMQ`AdT4RT!v^kYx$GO+}b8K91Zk4_2W!hfizY-l(vSQ)a_cR)_@1%d-US
zTk(;+a%y;bs6D<7MtynPLS-g$XU7&g=_K}IOJnS`b!u9adlO_c-hk=R92V+T?&Yr{
zWoc=sNCtdT724P~GL*=u?Gsj*=@P%erl|d?Vo5mpPQ*<4+LbkrR&~j;&0lu48CcoZ
z`q1;f0BI@0CE?ePZe}LkP6Vh~(ZPHoUm{>a7Cq6{7uEx*Nz&Gwo;rXSex69K$MNN~
z*E4@uJ!v0$Zbg?OPZhw@lT$izsiHp~%sDyA
zaM5+RqoyDr-B}RU4gkJn&Aj0};t)#ZFEvl}D;d;lB(RDuAn+bIM9
zb^gksdbqTkZrN(ZQpuG;K8|WUjCRQq2vemN>CIm#<)5A$h3){sK=S{6)yr09g$EMFYd
z`m1dSqd5bIjerP!Q4F@@a}BKgxOKi}M&mzl5C1aosuoQs_W^JB<4S(x`JJ2UqoEMQ
z*Mxh9wb9bMI>ZFH!~%|wL02K475y|-lqMTT<)d5@1(4`&vALOQRvytttBJvj7c+c*
z8{x}Pap!wN%pAQ^?
z1iW4ONHP;WkH6G+Ll3E_+m6vO7%}6~Hy#7;6a$PdG7K!W^V`kb$z6(3gXqG?3z58f
z{%eURL=x?2<)2FlqqV0i%QSz1pD8{7<=ZxT2><4~L3irmcz8}`zkZ$Ro#F9M?J4P)
z%o{x8sZYc^Kn_5+HUPe$IggkY^3BP>6Ag4N5ChmMZSFJCdi=v0(RIx>vH7!ZMf$B{
z4SNN$1tJ>{Vi*?77#8o9&h65J^x3B47>s*m*$4WrmZT)TZxxFeN7D#jW(*nuH7t
zAsMY!%
z8qqzM(n6mT#F_s|FH9>e*T*BI5x~{772By~-vG&ud(<>W1;-uu(vNCzJQSH{lyenq
z-3q~>#I}I*OPmw6VDm8-gClizp|*1?S4a4B0A9^533yZu`8blZp6^co<(g;~kfo?K
ztp()P#?}szQEroio_oj)^zo{@Q5Q%*By<23xj2~G-&?&mk=T7)|IsFw5fqAL_+CzOv5?n)_4Q~K}Axh>_ChAeh-Y%4%E-}2{$5Z&B&1X&4F
zf55*K%)l9;U*OCHc$Db#ZiS^>o|2)oXQa(RjvSK;XcV@9GM@*1G_e`@R&*)9tx<%
zYQyHPD*}MN8hi}fy0m2QzQ=b7=u+2TWZ^BERw1M#FlZJ`Yf`1wrQ>d7N175>e1=6G
z!}XnyPxfjZ7B-`n#3C(I}7)-qo-?$!*!(>9H
zJbp;h+U;4uJa1HPe&=dDY1|3f62p-1Ubz+VMoe2Dg9N_iC{78O=SjAWq3Ozl;#`EHmT3p1-F
zg|-Dbp1(%fD6j$BtK#5Zdw?o^=3fJNVhv8mxcv!F6)b(jkYFGTWMl>{My6F52h-?c
z&bR8;VsuM{2fu?{ue58P0`qITLjYY@on)75ZK;LsRl<^L{dSAs!7k?yR7)raSAgM{
zNGffYaZB{7rt7){^D)x(6d#E6;Xm32VCG&|KbPkt*pz}neC$iBpBS%q62~CPNP3{Q
z>)#0_(DnI|7rH}yF0K}9w%&Rq2tQCBJ!pAu
zbba&8ffN!4>aVhhu|PK4u1$@!pL~ZjRzHxkC`nd~Hr#!On!$$B9^F+2Lv8M>=Lo}$
ziD*n;S_iawiDe{HW)g?4L+6aEsOlPVjz+Ed_&iCOR{q3ipdkcjjlyFiG1lE?E0q&F
zxsE*Fqp7#JXIa{n-l2^c_S~+oa^Zm9mwQfQJ|`KyON@R`uPKi0Ia7}CHk)A>Kkb)3
zthPP%%MIArS6ri)l%~&zCpk8dFy@Wb+Jfv))rJ#;tlMJH889nf<~~;nOt?$0v;yN^?BKR;Nl%AxW?P5R-@KiNj1SMA0H>O=H?1y@
z^X*qDz<-wuP{YCk3GA6UO+W8Y1w^FXo9e+o$3%6TeQ}R4piGyotf7NIGl>O7qdKS{?={=eeOpuJ}1RvlhzX?lwvyF2yxweYOKgURYTL)QeR+3h9QaX}YQkCC)|uUgjEu^s`3*c*@fksG$SVDV1nJ3}
zVM*ZM$r;g&%BaxLX<900EC8WU6#+g+reWxw(=o|I^%tm$f+#`~W47M=&%y|%*1%>1
zeY2B8eMoG;j&aRcUq;wYB_JylZJ}gjX6j3>rE4AW5gid;*4DEtR%aNpm-rE0cT3b^
zjHzWi$HA9ttgi{h?J}k?!*B0qypF*+p~pwS?&X@Thg!JfJYI@ct|M}!PcyByDIph*
zu49{#VE($u$|Dk~lqxafGeu_j1ufQk;pVI6w<`uTFQ;!T0am{!r}7V(qhObFL=l9F
zQINw0+w!^C@ED%C55B7)Q^6~BUu81#z|%#b4(v#nFAmv9x|ymhT3eEm$=ZG
zdXB}%(d`#2MUE=zvdXRisf$ityqC29;{%Tfk%K|38>Xt`q;cai^`I6^uLSLP6g(5)
z3%9$Aud2LkvRLz$k2P}U81$Ot1Lvmxk3xqFNmuI>Quza_D#9{5VjvY$WOGsA|8vjKlL(*XG#l6L&!d&@9p_!w?&LSG7
zN9FAELt$PxejIq@c3Zrasip%eu3pF*ZV&5uxYrPED}}c^m@KZJw<2
z7iteW90uqE8u|(=o~_O$H8@e{wa@O|<3-L+zf+#<%v2M$@WHnkz6p?96(AmX
zhqkB3UiAl_uD{IKwIZ1krE&XHzr29sBr?mJulYPF2uOi_Fd)t?fy!*AM5u}1fvoo;
z4@5gNmz`hvp~9WeY!BKGomoDVkk7$_ytxC%o(>KIT0q&Yok4@G_8k)J8U_BddHDR5
z{nsm<8%>2c%8tV=mv%LdV`X{n)qn?MdFpq>Gj4B69mnQuJ9mU3*M6mO>e>j-Y6e*<
z|My)0{`W-O=xP7Q7ggI92CFewa
ztR4zhFRp8?kw`VYpciFW)}yg?6r{4L(PX_}_cqYQ{tJ}dzRYsG!7YQ1>xl0TM+wHR
zbet~G0AZQ>ObpJs|0?Hw+1re>3`7-4HbWfi7@e81`VP5TeN6K~Q3vsuhNI%uv!ls7
z979S=v;;Cql{%2vFj<9!Fj;+D-&TRnO)6RT2Mn5$E~KYlR0fb6FPAWYl#s6`pjINV
z6eW0cQ}i*7hZE%Lvz}W8<6@_eT#^zkJC|q%oRT!DUa$l!5QZAFy+CL-g3^xc&VmG=vcO#+>w3x!U=MLY4SeoIPo6xZZ270V7epR=j;*P
zphO0JQ15b3AIx0WnE$PdC;4kZ9&00d_9*vT`1vUJ3cl7wN7anyCfwN;y5e-4i20`t
zp5aUFz*U%Y%n5Jx#rpd2%s^=}Klt;^NGValQV7Frs79sdy}!sScd^goZ*8f`08eI?
zo_N{uywRx3N?O|aFew`0fbyv4BgUmaZ0^*0isvRUQ8S%c4u6Vq%Ag9nD-oe9+BvM#
zil;6!NFAk{(JEdThqYiFq|TL|6(wG9md<#`aB%VB5w!N}pbM$+^jB87X|MiU`*Oh<
z472m`4=Q=CM;G*}N(MvMW(CT%9uE9?|7-kRa
zyquTm*uUQ%V!jT2l<{?N%RwUYHhRzct>M}4lx=Wz-t{R;f3anMCihvjvJ6LGBN-mj
zh24*8s&P}HGFYSPbA-7zkH1eEgdV&_%{-Nby;+k`!SbH<6DxglPDzu|6Xy3_%d2|+
z^U~xmx>UdgLhFP}n)C$4iEUxUDvS
zpJK0C9zxE4p(Pw>%_35so;Whh^?3^
z?zJjd-S4+v5XQnNiwOn}H~Vg@tDpyO7w)Xt1RsDS>rJ)nam$ceD8+2X+9<^r+9Xvh
zh@)lRdd_O*c%C*vc@Fs;bhJOfSlC+xkP#XNIWtrfo@6Qq!=Q*WKrrKXSL(zH+Ecp||Sg3jRls6=w
zrNBVGl?^ofb-%x1rJ|9#+{3+sw3%X~*|AWl(fqwm+Ty!SW1`d?1NP<|&JjiS#ad5P
zFhYLnT=8URlc8Jvq*s3;{l}bIX`{5b7$|4@pnJ4_Eax(ozB}(YOBF~JC!X-vLg`7U
zZA4!>ZSD+0xjNQ;d0yOpyV3i8RgYUP$L2?d2@6V$GUKfbT(BB?)o(o5l9;TN^=Ef+{ZbU*22Vu?{LCi)h0v}fhMc`lr%^aauQP
zRjZegNi)_&l}3I~&)Ixn{AjLCMhtGP`qIgId|GAJ1(J@L^~;q%SZqNZ!z_jeaC(JEsJ6b+x~XQQ|zcK=+&%)pMJDq{&N1re2+jd1}SH9AsNP#glDKP<~b{Y;m^t!BQ-X
zjGty~a$=@`<_H8aOz$c3J4Ta_tm_B(&wKW6`ynE>)-2!4y>~Kbdg)@rvp_3q
zbNoSy&Xc}n>M&XDcs`~)G^!T^dtK!Z>4#>kWIrkSL79uD9=vr%*hgXb2~QhyY{HgH
zxAgs5pdyf3hvoA^+1V_=Kr$%lwxP7`%Snw7wYg?VcO$P`vu`M%v-?KUOCb85>#)aM
zc$U^$syR_3S|rConxCW$HKS2|teFFl-Y{XW1mMOGH^a2Xya^&e@g@4(nSz7qi^tXevu*7gapJ3Z|&4!^Wx)evN_WXz*&t^TM85I%Plc^royC%#>D8Ebir@EwjGYPIBf
z{C;7T-wi3-fw@hsFQ;CV^`)PtSkq+b7L>6`i`}fV7H+lUCDr{c)J3v*dKmN7GfoXb
zH5;EvMpm(8`@!-;vs)&5U1*B2a?kWq-@Pk2O^`cw+82eNESht}hguit1pM`X?qT1;
z)$-u2JsU&q5?#k^$Rvm0?;AAmjsQ=dAx7)#nZ2{(GQ|zK{9oJ}nV|xo(O_|$6%2!7
z!^}8;^qObv
z*4do62d>FFeRt!w>NsQ$+OgS}A#nw;q-c{{KL;XR^h)(##(MHB2=lepFzH42-%_D*
zQ_~@1eQCi}aPm~mszB@h&*urqDwrc>z4$el+;<(mjP5mYb^~PFndYMuY+>_CoxmG6
z>LdfWW%rZ!aTzxJQ2RH=^ezXBdzlfBd3EWI!{U~zNXnU~d{-n%q~_G(V+>xDLhqs|s#k6JVeMd&Dif0ej%1Lc6?^mU8o`)r*ArFj
zCoBGOYDc3;qFU37o8#X7*4_g_;xs;=DWg^5LULP-Tds+e&mU#kbQG1x$8d6HbUm-S
zPMWbr^tzhYJEz2aO6_J+x?}R=$FHDSBy=^Ojxx0FeAypkt1#pgOcyO2TPRk_Hso$X
zMbqz*RXlhl8h+s9bueaspkq*x#QJExHBy$(s%oXS82U8ztIX2FJ3R!&t3-P2%rM32
z`A_{6?C6;!s33PnncczIPjl`lz3qp4P6clgEF{Qpr!NWhoJhCL85>kHso5%2c(6JZ
z(WA(WWH+N-pxoJ>Wh!x@5skYyA0FH9rCHHYWcAbKP~Lc^>q@P|l8O`!8akO-@p$>>
zZblj}N%?Tp5e?D0Jkb^wGA_C~C{&@v_UwW64iisJIO-#7yhcmG@KVi>B06Jh`h8YI
zTCP0x{d+`-@!u=xniqFAC3-w#bEy?)1xB6|4ckwce;y-8*a~X2J$wZ`};aJR}5uP=|_g$Wy$B4ehHs?>Q%!F>AiCfq6W1XnpN*~GNZ%j-AmG5)NrD@c{aYRc78bW;GTPD5|?;rudtEsP3dzxUKBt0l=3ivI_;r5
zpA&n0(y9V6Y;Sw;hCV}1=i>yA$Fk%lC@NCy;zXlpo%bp9Gu>iF^e=z?a)ImUox{^2
zEzdIaJ?(d{j~+6=x96D=&lp{ddXHJmv`t6bsFp5G?*kyHE+3aYdNi_GZ2#bH^XT+HG!EYOMcf(
zm%{@e74+X_Djl4gNkyAh422NB^EkPyTurmwif;J`GaX7$c%&2|W?wmI9~%v6ZC{V6
z@NIceK|W)5YIfB8o-VD~Xwl|S+MxO~kRl#oN`;3>GDCSowbLxe1~G@jt@l4VB%Oc+
zpE|m>*JacaRT(q4I`RCHz~$k#$F^C6Y5c@1{3e
zJ^3J~X>p6|V18MuJFlHq7Whfc$GLw-ExI`f+e@gPe58vOCsq2|KWxo1*8+!D5Om*wQYOAt_MGP{FwDc_csFN3Z~>LjE~HvL4w_wv?`_?ff?bDfi8g|
zbwoDP<-TpqA;Vs6+Q#=w1J()18d%c{dtKy}%-%KeU@Rw!unPCq3K#z`rf+Uozj9e&
zor7P!h*42OXkl*q(FYmK&WLBG^IY7o85LSsdf2_`q>|B3gAdK^-DWM&%yBk^dzXdF(zI)i+g;c@;a=2AQ_$C@_?
z1{~7Uh)^e2`BjJpgyhc*)DHNXA7>T#oUHVx)i__Nn)-N2vr6F=d@FB!HfE-vP3Su(
zdWtbk;ERII&or%j2Xm3|%J!}GL>+@3rQwHCp^@o6wyx_>fOh-x4v>%_B{zygdd|&v
z_xFNrH%u81t~x%N4COO<7O;nVd4VURKzeOzv4Zk3O+%~IUXJJ{6u+aR%=-;*Q~O2
zQq3zO(vA5`+?MUHbeLoAPA1%Uj?0k5^CE$@RQ5-@G*{XO1|@MLbwOoxh>^ISEm@AE
zi!)T%RMx0i=fz^{&&T(5C#3mc)7NX_=B3&QAA@dJ#@%6*pU9^~)hKP!p|4;4
zr^7fxQo3*(HfNh1rVID1>HN_)uoq?w(P1wH0)$E1tiCGJFAKaw1fM&A!IFc?Yv)4*cV;lI!K8kG(T&-LM<2gZ^6H20GQ=i-&cAqSdpW@yar0Tu#+T
z@60;xb3F)V{^Luk{2gxL$7+Dxt^O%zA><=8Tj1^0hm}&e9UZRt
z^qR{jFVX3YZ}zM6R*1f+DBlRKNs0#Ot@^^o#9oak_7ypCFq`eQ68+`xUyo@{PfKY+
zmTON>beE4}t@@asCO;DVpnRk(*zvymmaRs*Uu-nGr4QvNIEAbFL7z>qPERov9vaPlqEU9yX-cy(vsOMyMkY~Gr&(XW}9Ds
zc1l;_N8*Uyn5;H?I>tI`PL-5gvit(ph>(R?sJ;3zPhsnXK-b$
zqplP}o~!FIQ$*!BeLNU+W%84}*;#vF_7fvGDv;sBUg@{lo}_8~6XS7x!LRLV=*tNe
z%k+C|*9gUKMss@E>m*s^c{2NVJ_rf8#yF+lN
za6O~Gwa;#Qt+Vz$x7~lYwf(bTLe(5K<`|>*{`TjEcd#YpM&Tzb-mrYDOcXa`dnK?I
z(2vZ0Xsr9IQ=TLlMS%eZ`jY#%2nZq9ak+Gy2_H@PBdw`^b)WC%=0mi^_d(S-gA4Hn
z0ka@SndneIm?-(u=|{;Ovrc{5%B1N_%NtAQ#?i*K;+GmZplsHxR#=pBUp#Tygr0|Q
zzQsbAZNbc3-3|B$qcfAZPA}aw=b-BOeWFEbV2U
zz1CjrUt?$67q=tZuHr9Q7T)NuIFcAUN!;9Q2~pq`9ly_)VV~_AH@Rjc-oz*-7ppRW
zHA{B~?e_2(XoZ}>q#+kJsZ6FzmGlib!upn`#_WYeBx0M&qAwSV2DadvoxO6LV@-BU}c1vEA
z@(cZg<@3`;Y#&IaI@NJux3>C+0CIv`=^7P28oW?t^62oWgRC=bDaUqxHX&Ae1Wo%H
zgA8;ZJw#(VLtUtG++;tyR_yWjdnT{H1cEL#Hyg#8ul|h3I1Mk@vd{_8B)V{_KPVVS
z7@jDc1NFmgChO&-d}@HfUY;3su>)i(Sv&bQ49Kfk%@Cq6=TIZguZyAAJ7)oJVOWEe
z50gBHmERoqKrUsf$MpJ!^T}wB<(T!T`_>#1_3uJurUmP6(iQRG7Gf@3r@*&fBRObGtb-dbggJ#LR;9ZT|(*
z&ewZMw%-#Lw-(J={xhJ?M(Qr!`s{I+5TbiLg;ub_R?C$qv!wI0+YTGK2AFKko2+*N
zOmttkU7L~%By47!Q|#wi=sthYpbh10avvh6l5HM4golUQ>=7G|BR&Wd669{SoQ6uh
zm23ABULR+vO-4G#&cOU|1oIq;sG@Qw9m{8YsOmfCRFv@0-T53#<@L(SWcKCq
zEB3-ZD4GLOGC+T$o>{V)M*Rzmm5*=sV>yHv%k>o8GhAoIls
zTNbg*SjUgjosRB-Oc-sypIj15C8%|}oPYQ!*rE@3XeHf$c7cGs?O61UZ;PnN8IAFR>bDe9!Io{adz``D%h6YS()ej
zm=!J>MrcAX%7nz7!-r-BkaMV2Q4Lyh^^qaQ08kWU+1+p2+$Zsr8$VG>=MAp+3`K
zzd5C!1-~V-%-lhL#6o@hSZd(f9w~M_J3L6Byiaakwc~8r-|Pq70mSyOx&;C4lyi4F
zOsIJ?saDIW^xEi6{rFnz#Ov$6gS<|S=02jSgzeLc#m@?_tYs8-o5yf#AZr)S?jgGh
zF>7Ut4I?Bh{6kjmJJg-~ZI;{j-#8UDwd+0V0kA`TFxW=4&`mZcv@*T6(DY+LLY#GK
z&a$7V-w!zxaRR13qY@feHm`cUH^qX}X3E*FG~w{74j;j(4U-Yub~v()Mfk#$!m?=1
z+oBg-)A}LvwGTOKU3blCFq8L9%3yw;WlylP^KtE*CAZn49CftyJ2H-?;L|OwYY?j5
zNSIQ*@Ef+CXVr~<07p>mk-tXY2WX>yIF+-y*{_+B*qthz;(LsS1+#6mj48?5Z61LZ
zvp&SH9`|p`ZAhDvyY|dgq=B6ZD=}Etj=AvUWLEg+ZgMkbjn$>jiqIlw%
zXzcT=eia#Js=woZzBj7P?#1s?u6f}7psa=9JR`2xH|9qu`%4l|X)%&Y9egA3^{3wW
zeF)dpnDuN^9xMCg&sUc)cqf1OJW-OQ`Pe@tF%r=;_yyCiE$(_HdYcDx
zt_U8!gC)ejj7}D%r6N?+p~===M1D~j=frpAQM5;dVM$%K#JOCMF(k^snc_FvC0tvp
zjT!@SN$Zj9`(^2#HnL{aam+U$bQ>Pw@cH8P0+U((hD<(BY4S#uAzHmig4FKwRO@wl
z?30GtedmQZHGC8O?%8^{^tCVcnHd%8@|WPbw4tWdrN8X?#FHeiq;@A90AWrKyB7M#
za)(!~x>k#@Ce5uN%Bk$3v#k!)Qi}A*r9I>cUR$Tl0S?nxNt<0msOiUc(I`x7D7uLq
zlz5wu7)`zQpnJ1|x&p;g2Xu1AF0l!#O=)_|Cu?Zr5RT{aR?4MzV!5f$*nVd+s$yI~
zkGMgax`3-F5i4QMn|xgyJd&TaX8>>wmNotax80UMXzJ&i&{EM2o!oD-NG3U;qQ{9Uf;t=$;@E69~<
zA=F+Yzy5JACRl3){eX@*bhInSV?xzs4KyjbE9&|o+jrq(Rr0M|5nUxEgK7#bA4g!o
zX-<&g@4f0d3q33XGZUW?(G+6j7f8)Z_vbYtX~Ww{{H_T%1g5UmKDSjRZbjPC!AZKz
znLuhWmBfx!CmGrhQ8s~xLBmHZjJJYbF7VILFxA5Fjbo!LT9vgAT
z{Iq9UXBCE^N@H;VBzVbtpsN10w$-vK)!?AHXahT-Tlk{@&W~Us;czsQ1-nEZZGBmb
zR3x#GGDm$u27frJaR!ifNZ4<1S@m!#H
ztG8V?bv!KHw~zX|j)*NA+4dU57JhtW;7pyG>DD(lF4kJu(@5bNrk(};rsU!|tWg%q
zfaP&;U6-K0&7gB7)uc2GdVN2u>gse={hBz5wN70y$_m?YqVZlOkuE!X_SjUNYY&KT
z{e+He>#nur&wb!Z+7+G$5Im{qJl$yJ`k|lF_Tt45!cO*bW2mW6yk6P^4|n%6!c_VY
zkcvGoDy)U>)$bOc*-&?jJKu#=kaz7$+Ahy(L|^mgbr^S<(zHsP%)KUKC1=p?JYHqk
z3>fmbhpkXu;hf;%(tl?T4l>2VGj|ME=pXAmbR;!i7_}a|hPJqeP&1}p^K)HetQ*qRI<*swlwmVg!h80y*BrAil&uEFiCaXR<{CiwYL
zRww3^;)@&ph5Q^kZDOKHQ-OpV}iukFc`zsY=F-@NFOkl$saKUR;i8k4Nh@J7cSKLFvv
znWSRF&(KzQ$sVgPV>v2`$mGWlw%49GXmNGMy@oAYxjt`ZDsMCFQ4)~YDRC3Ka)HE^
zJ#RK
zuir0wJ`r~C$897BT^1|+0%cf02^2uoJzFhim2%MhHM__4B5@MXJFGZFC=j@9aVZu0
zLf1kPV7)7D~Q?JMJ#A2-eqm%Hi9(wSiWJnn~(R7E-2vST21Sc5Q?bI!(u%@O!?z33E{0tt@XjX
zKR-l-Up4#^^d~CC{AAQ>c{vAIzB_$w7l_k5WOXwcg0)JNtgTKVZP+Hra9|7Cm|jD9
ziUuBIRpR1@_PW+ARv+(A>WtQkznv2IhoE?t{j`Fcgol4z*+%(7poT8w01124mY{P6po9%Oa;O_>00R|TkILBNiNZ=NN|W(K-aF#I0F
z!$}TQS{@b~sJc}vl86_6w^*THZ&}+rdRfigE%B34X_f)n(^polWxwmf5K2{bf86J$
zT~y{~aiMbW>;)hW);+bE&usjRw#_I8^ejFIPTBL)@nFp@cAEP
zltu+?Z&!*Tg^<>%+mq9V)cz0{|K?ZJrK`1tzpJ~NypM)3CIi=T_I^2ZyE&0&+xtKfCWJ`C>l8sd5
zx^pwYE(XLJ{t1z+{A?VjN_G-u+urZw9jv(5E)#N#+(!Z<9B&({p?qn)pg!R8X#=K8
zJ~;AcowoK*1RvfN*WePHN7$3r9NYXCre7-6*(}a$
zTZ5})2qRiB+a3Oz_`RMW#z>6Bp(KghYvuC-=V076Gu;!yu8b>VgCl5u55(T(<{l^3
z@6B*fGxY_%wgI!vSH~a5p*L?6^eklRRpPC9RpR7Rvx`&B7aqhq)~j7V*C^f$asyEc-3sA~xG(Xceb9bS9bI*C
zho`c_JfU5K*4zM%d-wUqw@?_ll8~my%>#th*r2W-~
zkkH32UBq@Tc($w#5+*b4HjJ3z{t~duqW4DUSeKa+s(Wb5)3bD-seD+floKL)EMC-s&0ARyV+^VUUjSjP-M#;ZqNKGNlHj+NSc#5)Yn69*g{~3Z{)F_
zKeJMdq{$`hSZ(ZXLeP3u!yD1P6mvD(cg6^KbKez+GAFJw3)dOfUaC%(cWh&chVII0
zr@;&xK6hO?Fvf~t+2(kwHKx%J;y;1R>sXVw^GgfpsffRO1k1~Odhr=iLGlmj@2JQJ
zn&CEn_6zTYTo4jTuCT$-9
z+RLm-7TCtqUw;L)>8Zc}5t#*~_&o}pp`=JUxPP4-txX4TA>D+|8GmtMeUAFECmWlP
zNIJi8y*&*7Gj3Z&>eqU3a6ezN$eS>^t@Tjk2%NOqTSFvrmcm`3}Rgl;%V=WQytxDYCmJG|%Pem6Glom@OibB^+REwhfK&R7WjCFN5y6y=J;
zQ}*ZKO4W2X9Ag>&)-@PNA(Qr4Hw>+Mv1y*q=2BtI+yXvQxMttoDW-?qyTd4N>`H>n
zB_9PP302d0EjT`>OZ@f^m5i8NlnG&s#59DKG5shFM%pbw6U2woOfBE$F8El1rTZHV
zEO@Q-;kf%)W|!l<)#754y;#iJX>_jF>{`g9FJCbpmDKDY<$LsR~5?sOTiSh`6&_yf^RiYix
z2e^iTbF?W-Moots&f@7|p6Efkjtx?u4OlF}D$X7o`Fu$mB
z67OK^J&tXDNX%;#KARFTF)z73iR%FxiHlP{(RKC%8u9w^;NDCLod_>-xwsrhlQsx8FoYNF+mpB?l
z&+QM^Tr6UXLJ#*hM;X#vtWa)sAh_*i#l<-Y83u}b1hL35;n81Yf79E!aF4#fY5FIu
zfP&p)ddU};6eBT{tWVvIR$in{^j5h0GaV_Oxw&#qMNF!L|D0PorVPI&;C`VPo~1}c
zgJ3Ixg|qOdO8Vp7AmNL7haVIO@+`^a@32Ti8V
z?t7cMEg7eS2(<@VukUa6KKl!|l*eRD_ZMd)pneuyen=(M_QJEq!`%|~+@v^0_XWMR
z%vnJXpmdNpfoZgTcA2wYa?5G*9*MFIVIyF*o2eRVcvQrBX!(r)-cUYm^Bc&daRQeQ(?0;iLW-g5|B0xBuK19
z9XEz}G?WNb{@Gk+*#m)l-b%zCpwK4xb3seh@O6L-R8JDL`smmLZZ&t|!9l|zS$&f!
z;TAHII992d0phD>_@H+MwtU4gH4bGA31LG;0Pk#n4yO%q^t1XDsl3qf<|ELw60(Pb
z+vNFU?*giA-cNpd^P4J};7Lh1|VIqtM6b7obV_w;$ZPnkey2!rJ6SQ$*Aoj1L0Aw4h3M?-84ck_P*21DcmM2PF7_2A~1j>i2F{<=4B8q?e
z`+pglQ-sHK9?o9nP>TOLTL0Z&dXZ7QT9=RToHYC|L;K%d{FvhZ*MqK`sO>7cWE9at
z<>AUZf4nuP*EVJukeBAc+j!c`%QlMqjRbomLI3OJczona1zH4p$RLxOmJ27I@c;E&
zZ5a<~33Tu`+F`msio4A)Tzp2OeIf36)Ki0M@U6#5!Y`#;76+gF)6<~;SHt{+5_~Da
zA22=A9QTt}`ZX2Kxjdix>~Xug)?*~{c^FN$a+0`zz5toF$QT*W`h
z*07|N?2HuQ;c2nFX8}bJS;wVQ96Yh(jC(s$FF0gjWzpsEIVi%ItAg@+JAjDKpIPoa
zS^t}BK?<*kALT*r=x#x7BJ2!qUgm4P*5wEKn@e5Wg5O!8%!B$L$g^CEP%VM1wKXBz
zmz`}$n)6Qn5l|QS!a?kMJ=Afb<{6K>9xeRBBunr8q--jrYjW6N^7vzrEs_`9U91tb
zL$mFJSeYS|l((8;Dd7{28%UkEi(vBOx?eOb`N3JegVF{4(jPWK&fB!53h=CbG2OOA
z!j_aQwE+*AC$HM}Hw*wGEg*I&2w0AwZ>|mQO-AN%dwc}oE5r`(?*+%}v0!?9m);{(
z_77^DokQIaPIg!Q_7Od=2waC1|DQ&FNaFq?gC11$5g5eumuwoLWZA2jw%W%(9sAk3
zeF0a1EmptH_n98xo)K@c%l0Hltk?iSimwM~$P4=dbRrMW;XsG>UWSr+$K0g+CtmPU
z%L+*KTjJV-zWYRzXb8Mpo(E9fy`7xJu;07iUOvV5`JN@Rfyx2Uw8Nyjzo?U
z1OZqz$+!G|s%}=+3D#Jw)rLbTZ?fC@4BI3y6(9kmjT$LoCEqhRJClll(0M!`&ilL{
zi@p!#7^Gd7f3n}&tQTer6kOoxa<9*4EonTFiU&Q|iK*KX0tir@WPs(DX7JdNqJiXf
zE)I9!xEp{Ic+t2#-pyaa&mP0qIl&aL>M7DBB8|395c9e#+$J|JRO(ebEHq%Bd592u
z9bE3ut=um)v_L1uvCEcqqaV5H5Md+vE+Qc`Z_S9!=vyT+c=%$Voq}M_ey29*06-|6|Qv5c4dX
z!O^c^+~KFJKScC`+YcTbxdZo=)obK+lHO)GSti}rNCJ2Rj(rU#pOoFZhx=H~FxM}l
z{eAoJP0uYDzGW502c$aXS$ARbx;L(F_Ub_K!kezcj!ryi=-phand^54SjW(*+73*^
zFicrE=%JL%#%AC5cG(7E@L%HLlPjj(WCD;qhweg*L?hf*jJTxiDcsKvK`MhT0q#VH
zd=KYcbbKin+%@bRvILMJqgJtR3Agafw&M3Q&Y0&H+O^HB!jg48Z<0jgQ~&LUpI}+2G1o48*Lu>BO}5;LitSntUoX42
zsXBrESGQLp-AL#CIu#osb%)!}rO0Hix6Qz(OAlbfEpWF0lmG*esukC2EPNlK+=34m
z>YoHR5qt9ro?1}_sxTWTNN~&XbPio;E!%B>b)G3xC)X;4$an_%{t{OqM`P6WvgI){Xe$n<7Jk_h4@`Fk|!w
zu6S$5oAGS=d&i~Pc^lXHXqWkl_v5omEbD}AsjdM}GTVj1zM;X4npzZP#1$~uWQ`cycXO)1s<3PY!`{SYoV#
z(qc7{ax36J_q*X56k7?!;hIiTXy^ji>yOt8SlC9)i6J~|$SRg8FRTMiE4vzuXSw&B
zQl>_-B)U_8EHgpRpC}WJt#INTlx~-Y
zUG2Yu%HuNF*YrsF)T>yE8qyejNO{KDkT>R1Lh}qxWpjO+R0;2n%
z&#|aRf$8nZw!O1XZd$43XY+t2i<{aoIJGNlh1y~P?5`z8TRtZnaQ+4lfDI&SYAu1C
zTX{U!w3ndpD&&QuL&0LfX}iFKl2fx8(b(HhT;xz0r;Ae;rCGuEc~Uo#jfXpR|M-4R
zSrDSC(@!nQ@&c1(9i1};t*@?VWPculH9f)bwvvIBc{#A5Hxp+}-Qxb^%5BC1E0E!VWOLxycN3
zU|HmMzshJ+fYE9@C|S>;3_ZtJf}eKQDu&z+Z1f_<@SicxGXrYY5#U_VGmExvF8g3w
z1b1gAv0J&nVD5{rWjpQ?gS%(GaAW2c`+e2wonRvv&v?UOiS;54ut368_Yia?2m<=aa8Vj9!9c+rno^
z2NAD*A@x#i8*yb8T;g$Xoo;b-C+Bz>_BK)?)gj--aTz3`f)6O+z`l4$Z~clt@dowC
zX(OYBE1I-umS=BX!T)9f0FqXdWRTeqI2H6B!L6C@MISe{WAJv|$T`iA!c;~@u0+)L
zbY1t#x)H7rhTw;~>UY;M%AczTt_9j0$=p3zek0#W6u3sOP|Q96$;TKi26Sm?qV?>OEWm~3|@TIe~({g#_udJ
zxZ}g*R%};AFo<>oj35b%jEvXDaT+BdLP>BKntC;VT3(^cHRGHl8q2WCaKI<|BNTmQ
zGABO&3a!ocA&3X4=YDy&owkBAi?vzerAPlt?-rPN?SHWyY6c*bo7t&Vo9i36LyVVg
z0*-<^tIx9jJjwT`sCVx@P}W;sK)oU$fG5*Yy4@^6=Ja|aYV+u})_U!W^Em(Z%1*33
z8{nOE*F9}a*+{Fk8{qv=fWmh0L*kmf_Xc?PO5_L_a_J%sx>6sSi7&C(u{-qisl+s1
za<1So&cU~Fp14&~H`H~#y>#Y^UuJyJc0x4&XfFXX;Pn`2BRk(cO7IQ))?b5qLvdN|
zK^)RU@`!>F#^cCM4Q-tds_joR#;J5$WrJ)asWq;T(apuFzf`)Gl+K!%fZ?x{cipbM
zl-F3l0SA9{_(2byeYdc}KkV(SQTcN6RQvowpa272BFEt!pa+==eOc0Ppm)^~@jPDZ
z=I;6lI&I&ao9BOA0KPzrf2u?7Swm_*SOSi^`KeauZsAn$sa6M*a3wOXz!ATBfD?si
zTKF96B<^CTYW-kaf#{-U$Xh#LEd17Y+Fg6kDcFf&_r)xqd7KlPK7w0HQO3!&^NG4a
zVd-W2#QBwgjhZ7)32rnuwd0deLI#S-?0$|=L&Aszk5Nmf@~Wppu{!Qoo+Ei5^I-fT
zDyQnX
zR^X;PktC>Aho6VgBW}n9g0os$ZT!XIKH1|lNt%>#Ro~;}L)O;Kh-c(cY6ld}#B>6L
z*8zeP_zEay<$*nfAyirN?k7?9bG4MG`V`1z%W}^g9Alq`@ZN_5BR*Q+%F?$h)k}<*
z@b-vboTY}E*r>0*u0{m$7
z@g1i^j`V~M2}%X{gmo{II&*0*gVU3U4lCSh4(}lL9T7@
znsNQ@8~)L}#ePzMKaslc0Ce9WfJC8$uVh>SjnEbHW4(qm3RYZS@oh&3wDju_dNYR@
zC80DLg`{Hjdl7h4mVg=p+qt>#ob$aH78D>gy9F?FpxAmw(kLhKDz8XHf2F*z
zLAoboz^YH5mJEVU&!X{lIr_Iugc39IxwbkiTkb$|>NiM@>$fd?G16LKZwk-#2$L?e
zv@F3nTxHl_$OLGfl`J!4Z=Gb4uy;+c;Fj#jNFJZbR=koK4&i)NP1
zqdzRD281yZ6d9OnhpmlKPH7PuRcWWj1`A^~S^&Worb0-XZF9OpB2P@zSDSHAM6P=u
zu%htStq(F2x+JTd?&*4vdrQD^mm#!-Vi5Sg%?6r?e+olBTpZqXk?PiZz*y8xjq5U=
za=7ADU*I6Wg4?&N>Zqwsn%{aM`}4l75sj3Z^J}IEy*i18^mFs*PyB8uI=jQ$CB!9!
z7j?#NsrdO#vSk$7T4tFC_IJ
z(VCzKC95RPNZM7>m+xnz3^)YE6@#2T1H(2fZ&|+a(iKLSf`jIJ$-MB=T!pgAPZ?ZM
zPw_jomwl9|l>bzR5k6jlcf%pE$A)WRtGa?%Ax$QIg^5DV)oBIVNqWE#g5j%`{|FT+
z1lyYhF(8+7rA{rx*^7IVE+>RrI;$72kIGUhTo*#^YoDrM&zf-7Avy;W{)@*46Sy4L
z_TWOcgER6Y+(Sr$_%L@>vrOK?VHb=y~Zo7-#
zF{?P$ffOWVEg=TII$kG;}MA96
zH3Zi>xZb(Inkb?LLCB6q)Wu+48V^EdI+~@;ijhukB5^lcj18smtaN&0^C+4bPA5E&
zi*76*MgC$QK{<%yYBHHmOEqRqAQX2P)tdHR~Lo8;b1Usz-9+3UNWFB#d%
zL;NUwRBja}Z3D!g+WQYT^vW{KN0cY31II25|ZRdZzcOhb-huqS6}
zd+uuQKoW|xaFdBdrSu|L=o*4+MEH_usP)D;EszaemAEVlt22=Muhpg@AHSkCbq7eo
zM$lEH%CL8kiYpd0ty|H)m~iA9;Vxe*cfUD*4$NTj%883_WpiG@g8P6-U;Rv0>4q6S
z$?O2Lgt%ElO*M%k`t52HH-?CHI09YBZG6B8TAcL?N+_5n)wcFRwl(4Z4iYV+
zRT-;qX)4u_`}aiVZ%#wr7zF6zs+Ud_VJi16$SChZF#~-VPzvqThACb>LdKblME3m-
z$E7h|wW-V>>XM>-Tl^VT?(_I-L+UiONF8=zX}b?!1#2FODsfxHo7W;Agqz~qe%kgY
zqOIp(w>@W!#1=jwS-FS9mY5u#`H0b;Jvq#DWowhA@K&H=+0$F`{M3ztglFEO`G<`T
z8KS|X+tWw+u1cWlQqx-GgInpNju%96L?{W?Lc`&ItxhuE*&p^DIVR>#?8Z|N5FJr4
z3zhnI$VNS*#5z^*^pICC@&y_YM^4=RB7p7S>8dU;^DTAtsTNH~>9z(W2V%FB{$+fz+UH&ZdxsTaY9UUua9Xjnf&7sA6WhLflc(7g$
zmApGaZvLsFX?<)ydd&L;ThLk0T3LO;*?;7@c?6Wa#vxQGREQRb(6pt`G0ce=^i;)3
zh;1-CS?~TvYtU+>^oJtG*;PWi#Ak^b2MMXpGZD83`rMhHM@96tHe{0m=6t6h4)MityF}j*N#qMUz
zeJz>BGD{_8nncd_@THs9ZrixFTQM!}R6yx1$TB*28--jI<=H~}c~^<9>dN^08p??u
z-7dew-4frUtkELotI*;)U(`wHwrx24viW>J3L07Uq`~#$^~~(^b(~wXVD)RWYk6WE
zBS`;(;>jI@&DUmT$@UXs?qx@6T}@p>9NzVw5NuS+2uSd+zw|q;YTOt!8VWY0yM!Iv
z0^bqGmz}={7CrmcoWrF8A@BWr2QOX*RoCXvV%}sIgw8F{Qkhyfk_bHYz?C_5+dJ~#
zk|1m@x2L@Mo^zqtkWAev(hTw?pcwXw+-rl#(VeF$Kd=Q}w3tqSUBoRtt5!5D#*~{y
z8aF->U^W(Z&C>8aYVnO`6jiM(w`yFE)kwq_klAV)PDJ96A`L_$M}t)KuM_EE+utoc
z-05f{mI?~5=pooMw%xAA_rSB{b67{LUc#k5>DUDc?o{}1Q7~11W#E1YI&o6Ls*Pst
z#MEnjtoNuv5v!NIMrPx~>d6$EBn<0d$Xb2;2Pn@3^&o{f4wn6*e
z(s)=ed2_8nTu2SQ$TR)6@6Z6&c9v5t`_*&I);9=G0wq}wW@O?C$nh@&JiQK}-331~kMN?XvdO(CQ93d@B4pfl&S$hQ?=P(Mv1{`)&oMO7rSDT7R^N
z$cCf{atI84Re9Oc?)Nx3g*}(^iOs9W;Blsof1!&##Ia9wCtk#x-?C*1Wj`#AiPYU@
z!*jha)kci9PmKVDjp7>T8Z{bXH=!>xeYY#_BDCfEi6EmC`wktI1-D)NNE&+`vsWS-
zB7SOf>gCV9KQow6Mk;ptK>O2LDOTccy7=SQ1OuKc@ynGPJKuPeG&A(f(9`Ck!0$gX
zf-@PtUg?j4d_E+BJ<0k92bY4yH1liXC3Uw5D3K7O4F=T)bH9WccRXF#zFSGj5t_d2
zBu{{D?1Hp-G?9S_SyfWQpU#R+rIWTAwYRZau
z%3=R#EP&zz7xg3anT_s0$ctQ^n9T__vqVa_Z`u9I?>2~2kDf?r
zSt*AM*cctw-k$D0X*+LsG;tcNXQx>n+KID^pqV>sCk$LAK%%sHwZNa~McAG#STH_*)!3diq(sl8v_}(mh&Wc4JDdmwaOm
z8uq6Sx%$-F(0H@yIMh0xYjY)le37Tm|5`{dAhZ2fuj&XUIOC1%Bvx}wQm2|7eACZt
z5{XPJmIhB6<3OY7ggXzzLV2T(1Cen7oSl!eq!;g9#<2M?s{Cqj;EUT{w^!l!D?{+G
zb?Rrh{3D5K6xQ;4vgE9q84=V5DaRxDxqI9?M`2;~DUE+0>!fIADJdrvQ4p?pL32c=
z1~cP`>M|i)f}Gzc_e~@mvy#g)N5(=k%0bcD2Hn=3MI2tL#^K+K2K*Hc?QRB?aXFV1
zIx@4N@veEi=#Jg5v38ZI-W=O0niTEfy<05DZk~TLex&^MPd7{OSZC4Z6U6<+yt)`_
zCJ4UI;>lFogqs*o*z)TTzJtb#U@~_qLC!B_o{)#aN=KDg1%IbLu~~)KPXT_uDyW|V
z+zBKmFJ|~ZfA;**RpPCYIB9jaL4pJ_z+|Joy1O!
z{l$2*R`??qF6=^y9?Da0HM3~E5{;|fC(;eD=#vnS%|qj{MKJ-ka
z>c-u4iZB8!d9SFK@^Vn8I2oI<3qK7i3;%4?3hg*vqVlNbrP$Tr(*P)Hkl^LZ(w5=r
zJIu6`pSHk?&kiQP!C3QGvw$&@_Aw?mS0^@HTB%)td5eKO#6hb+`c7<;yAQ-Ji6hUp
zM=uPpQKhI@`VG;KQFS(WzYUnLR1}W~9m;>~nr3b*JhBtmRfZTliOyICW6u&xsV^xr
zCLa!szDxJpw#CrAaNKct$mX3lC*uQ+wp^M&oqXteJ^diw=2?`DW_r7|_6>)bd}{g-
zDFsE(j~GkeF87C?=QNe>c0|$nJBlyGgjWeLUZ^#QB}C+H-ezCDvY09Rf;B4;jATzs
z%r-Ss0+%G3PZHr^&bP~GfDH-!l?MkdpPl}Q}tyEh#3a^Gd&4BJbW12g*x1UmK
zc{|#h`i$FFRLm7WwV90Ht?K0ENPHKnA1O||5hkOB$KToQ6Ii%g_wkktQ@O|fh&oNE
z&HT){N-X}TD8{dP-@WW8MSCDI?t6>FZI1AViZ9grm6|ATOS=k_TEZ=fs@~g1ov-Yo
z-Kw^H#WwF}jH_5AaGRvF5E~;cw%S7%Y&D*|&8PlaGHcf0IvyrJTjGc|E7vSGr)T)8
zv9HPUA$xu9W1evh+EUT^&x?g|O5XLjMn|Y6m5g?Sc&q1dpM4-D;WDvW+uPCYZu>A{
z@9*)tNdokE<4$6#V7<`la)%1dz)(aG5T%c5&-UpsPk806f5tHn-N`+*L?5Gr)ET*z%~;Wm5Z#_!acxZ`LdIKx5eHsMh;pbwX%ij|N-3+-5FNOV`QfLWoeF
zExavz3Qo{c}mvhKpzLbA+6po4PQq_*WV3S=eenkCp7C%qBWhOp|H!Nfm2V*
zGz@Uk%D6aGU!W@0*Yg1NeC}rs<*SanR=w*n>`qd#g|_dVHrQTi2S>^?xW#py>1iD2
zV8%J<;MX*sUT-^19x(N#byv=rS1SoHLhQ8M(&Ti~@-%5>$Hay42~yV3+nzIg#L@>6FwOwv$Ib$JHiK(jxpDD9_t5+*>A+KBkt=
zFWNADlCu|}^zBN~pMfww+0*}GgcCJD-Js8Fcmj|u&w3y!~8tQpn>$el+_eTMjs98^D
z5j;@3XZ)fM#AU~5VZ5F6`}(el+YOw>m?58fG@s1bxR(G(ZbF+&nsRe^UVm7^)U5MU
z0}Lq=T+hjp^vhPB-nN-WBJ^9wt<5g~AuFvghlVS+lC4Zxg{3#sPZ{Pv&pO2tHkY}i
zx|R)|N>$Kz(F$NjbD2)*$CPEJ%?Uh>gY)>af{&Ra^8(Eg>8(VxCi$0OZbD$D2~O(&
zplnnw9`WLArpxn*&g`#@6TiafaghgS5TAr<&Ls{Qrbq7}RNE`J;M4-aYu-@JH#kFfK
z5=ClVHV2poRtgx7>;|45%6}Hosu~Lr5yjpx(*GQM2Z7Sajj%zw7PQ0_ebimRO_zrJ^@o~NBjjAdu9E?w2Q>68DcoYE*3sdg
zpJsA*Z*87sYnPl*wyZj*=F5qWzD9R@hPbb(O6Yr#6>j>h;pDwxg=v8n4^
z#KnPPWy4n=dEz*YIw=xV`OiwAn{`=T>pNCSLg+!HioMq-VdML4M^AW
zcT`78%+rp~K^@3i#JFcrc`&9(Y9aA3=guM0HTTXcl1Hq~wjfk(N$!fnoJ!4lPmQQQ
zke91R4V^*jKcXQ-kZJ#o#2b{P1V
zBq6Y>b=L2WP`TwhpPyr63NG#3d_(73uk{+gK