| Step| Description|

|--------------------|-------------|

|`verifyConditions`| Verify the presence of the`NPM_TOKEN` environment variable,createorupdate the`.npmrc` file with the tokenand verify thetoken is valid.|

|`verifyConditions`| Verify the presence of the`NPM_TOKEN` environment variable, oran`.npmrc` file,and verify theauthentication method is valid.|

|`prepare`| Update the`package.json` version and[create](https://docs.npmjs.com/cli/pack) the npm package tarball.|

|`addChannel`|[Add a release to a dist-tag](https://docs.npmjs.com/cli/dist-tag).|

|`publish`|[Publish the npm package](https://docs.npmjs.com/cli/publish) to the registry.|

Both the[token](https://docs.npmjs.com/getting-started/working_with_tokens) and the legacy (`username`,`password` and`email`) authentication are supported. It is recommended to use the[token](https://docs.npmjs.com/getting-started/working_with_tokens) authentication. The legacy authentication is supported as the alternative npm registries[Artifactory](https://www.jfrog.com/open-source/#os-arti) and[npm-registry-couchapp](https://github.com/npm/npm-registry-couchapp) only supports that form of authentication.

**Note**: Only the`auth-only` [level of npm two-factor authentication](https://docs.npmjs.com/getting-started/using-two-factor-authentication#levels-of-authentication) is supported,**semantic-release** will not work with the default`auth-and-writes` level.

**Notes**:

- Only the`auth-only` [level of npm two-factor authentication](https://docs.npmjs.com/getting-started/using-two-factor-authentication#levels-of-authentication) is supported,**semantic-release** will not work with the default`auth-and-writes` level.

- The presence of an`.npmrc` file will override any specified environment variables.

constnpmrc=tempy.file({name:'.npmrc'});

constenv={NPM_TOKEN:'env_npm_token'};

awaitrequire('../lib/set-npmrc-auth')(npmrc,'http://registry.npmjs.org',{cwd, env,logger:t.context.logger});