Based on this comment: #22 (comment):
Your call here, but I think there are a few downsides to the CDN approach:
- We have to look in multiple places to find which dependencies we're relying on
- If one of our dependencies contains an XSS vulnerability, we won't get any GitHub security notifications about it
- Upgrading is a manual process, as opposed to being able to `yarn upgrade`