By default npm installs packages using ^ which means any version in the same major range, you can switch this behaviour by using –save-exact
// npm
npm install --save --save-exact react
// yarn
yarn add --exact react
I created a blog post about this if anyone is looking for this in the future.
https://www.dalejefferson.com/articles/2018-02-04-how-to-save-exact-npm-package-versions/