Update README with B&W logo, refreshed copy, and GitHub shields

[raymondjacobson]

Summary

• Switches light-mode logo to AudiusLogoHorizontal.svg (B&W from harmony package)
• Rewrites header copy and intro, lifting from index.html schema description and docs
• Updates packages table: removes discovery-provider, adds fixed-decimal
• Removes the "Running the Protocol" section
• Removes all emojis
• Replaces CircleCI badge with GitHub Actions workflow badges (web, sdk, mobile) + npm shields.io version badges for @audius/sdk, @audius/harmony, @audius/spl, @audius/eth

🤖 Generated with Claude Code

[changeset-bot]

⚠️ No Changeset found

Latest commit: 0e54037

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Critical CVE: npm cipher-base is missing type checks, leading to hash rewind and passing on crafted data CVE: GHSA-cpq7-6gpm-g9rc cipher-base is missing type checks, leading to hash rewind and passing on crafted data (CRITICAL) Affected versions: < 1.0.5 Patched version: 1.0.5 From: eth-contracts/package-lock.json → npm/cipher-base@1.0.4 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cipher-base@1.0.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm brace-expansion is 100.0% likely to have a medium risk anomaly Notes: The analyzed code provides a self-contained brace expansion utility with support for sequences and nested options. There is no evidence of data exfiltration, remote communication, or destructive actions. The random escape tokens are benign and scoped to processing. Overall risk is low, with moderate trust in correctness and performance considerations for complex expansions. Confidence: 1.00 Severity: 0.60 From: eth-contracts/package-lock.json → npm/brace-expansion@1.1.11 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/brace-expansion@1.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm bufferutil is 100.0% likely to have a medium risk anomaly Notes: This command is typically benign and used to compile native addons. However, because it builds and may execute native code, it poses greater risk than pure-JS installs: malicious or vulnerable native source could introduce privilege-escalation, arbitrary code execution, or other system-level impacts. Review the native source, build scripts, and any downloaded prebuilt binaries before trusting the package. Confidence: 1.00 Severity: 0.60 From: eth-contracts/package-lock.json → npm/@openzeppelin/test-helpers@0.5.5 → npm/@openzeppelin/truffle-upgrades@1.17.0 → npm/bufferutil@4.0.7 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/bufferutil@4.0.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm caseless is 100.0% likely to have a medium risk anomaly Notes: The module provides a practical caseless header utility with standard features. However, there is a notable prototype pollution risk when passing an object to set() and a potential header tampering risk by exposing internal storage via resp.headers. These are security-oriented concerns that should be mitigated by iterating only own properties (Object.prototype.hasOwnProperty.call) and by not exposing the internal dictionary publicly; instead provide read-only access or a controlled API. Confidence: 1.00 Severity: 0.60 From: eth-contracts/package-lock.json → npm/caseless@0.12.0 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caseless@0.12.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm chalk is 100.0% likely to have a medium risk anomaly Notes: The code is a non-malicious, well-scoped parser and applier for Chalk-like styling templates. It validates and applies styles, handles escapes, and provides explicit errors for malformed templates. No suspicious data exfiltration, network, or system manipulation behaviors are present. Given its context as a library fragment for styling output, the risk is low. Confidence: 1.00 Severity: 0.60 From: eth-contracts/package-lock.json → npm/@openzeppelin/truffle-upgrades@1.17.0 → npm/chalk@4.1.2 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/chalk@4.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm chownr is 100.0% likely to have a medium risk anomaly Notes: The code represents a standard, well-scoped recursive ownership utility with deliberate cross-version compatibility. No evidence of malicious activity, data leakage, or external communications. The main risk is the potential for broad permission changes if invoked with untrusted uid/gid values; usage should be restricted to trusted contexts. Confidence: 1.00 Severity: 0.60 From: eth-contracts/package-lock.json → npm/chownr@1.1.4 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/chownr@1.1.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[github-actions]

🌐 Web preview ready

Preview URL: https://audius-web-preview-pr-13981.audius.workers.dev

Unique preview for this PR (deployed from this branch).
Workflow run

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​bignumber.js@​8.0.1

View full report