build: Lock NPM dependencies for npm install

I observed a regression caused to dependencies updates,
build is file but you can't use UI to add things
(browser complains on module.export = App)
Probably caused by babel update from beta49 to rc2 (TBC).

Project prefers yarn over npm,
but npm install could be used by developers or scripts.

Note that, Adding a (potentially unaligned) lock file,
could create ambiguity
but IMHO it's better to support both than only yarn.

Related links:

https://stackoverflow.com/questions/44552348/should-i-commit-yarn-lock-and-package-lock-json-files

yarnpkg/yarn#5654 (comment)

Change-Id: I9489e365b6d3a70102a7d2ae1e44feb7aeb28c06
Signed-off-by: Philippe Coval <[email protected]>