I don't think this example is right. You install the u2f-api using yarn, which puts a reference in the package.json, and installs that library into node_modules. Then you use the `javascript_include_tag`, which knows nothing about package.json and node_modules. In fact, by using the javascript_include_tag, it's loading the u2f-api library that is bundled in the `devise_fido_usf` gem in the `app/assets/javascript` directory. 

Try it yourself, remove the `u2f-api` library from yarn and the example app will still work.