Top Node.js Interview Questions

Top 50 Node.js interview questions with curated answers across core concepts, practical scenarios, and interview-ready fundamentals.

Top 50 Node.js Interview Questions

  1. For an application that receives a continuous stream of very large (multi-gigabyte) binary data, which is the most memory-efficient approach to concatenating the incoming chunks?
  2. A Node.js application needs to resolve a hostname to its IP address. Which of the following approaches is most robust in handling potential errors?
  3. From a security perspective, what is the primary purpose of an `.npmrc` file in a project that uses both public and private package registries?
  4. For which of the following scenarios would an in-memory database (like SQLite in-memory) be the MOST appropriate choice for integration testing?
  5. A Node.js service is experiencing OutOfMemory errors, but monitoring shows the total free memory is still high. What is the most likely cause?
  6. How are environment variables typically provided to a Node.js application running inside a Docker container?
  7. How can you determine the current working directory of a Node.js process and how might this differ between development and production environments?
  8. A package has the version number 2.3.1-beta.2. According to SemVer, which of the following statements is TRUE?
  9. For transforming a very large file from uppercase to lowercase, which approach is the MOST memory-efficient?
  10. How can Cross-Site Request Forgery (CSRF) attacks be mitigated when using JWTs stored in cookies?
  11. Identify the logical error in the following Node.js code that uses `child_process.fork` for a calculation. The parent process logs the result, but it will always log `undefined`.
  12. Identify the critical security vulnerability in this Node.js code snippet that uses an environment variable.
  13. A script with an active inspector session exits unexpectedly using `process.exit()`. The developer notices that cleanup logic after the exit call is not run. Why does this happen?
  14. Identify the primary performance issue in the following code snippet.
  15. Identify the primary issue in this Node.js code snippet that attempts to handle signals.
  16. Identify the critical security vulnerability in the following Node.js code snippet that constructs an SQL query:
  17. Describe a scenario where using `async_hooks` could lead to unexpected performance issues. Provide a concrete example and explain how to mitigate these problems.
  18. Describe a scenario where using `async_hooks` might be beneficial for debugging a complex Node.js application, and explain how you would implement it.
  19. Describe a scenario where using `async_hooks` to track asynchronous operations could create a performance bottleneck. How could you mitigate this issue?
  20. Describe a practical application of `AsyncLocalStorage` beyond basic logging. Consider scenarios involving custom metrics or distributed tracing in a complex system.
  21. A Node.js server is crashing due to memory exhaustion when handling large file uploads. Identify the likely cause in the code and explain how to fix it using streams.
  22. Aside from raw performance, what is a key architectural difference between the Bun runtime and the Node.js runtime?
  23. Compare and contrast Sinon.js and Jest for mocking in a Node.js E2E testing environment.
  24. Can an event listener be an `async` function? If so, explain how errors should be handled within it to prevent unhandled promise rejections.
  25. Compare and contrast Node.js's `EventEmitter` with the `EventTarget` API found in modern web browsers. What are the key similarities and differences?
  26. Compare and contrast schema stitching and Apollo Federation as strategies for composing GraphQL APIs from microservices.
  27. Can you use the `http2` module to create an unencrypted HTTP/2 server (`h2c`)? If so, how, and what are the practical limitations?
  28. Beyond simple mocking, what is 'Service Virtualization' and how can it be used to create more realistic integration tests for a Node.js application that depends on third-party APIs?
  29. Beyond just finding a module's absolute path, how can the `require.resolve.paths()` method be used for debugging module resolution issues in a complex project?
  30. Compare and contrast Synthetic Monitoring with Real User Monitoring (RUM). In what scenarios would you prioritize one over the other for a Node.js web application?
  31. Compare and contrast how CommonJS and ES Modules handle circular dependencies.
  32. Describe a scenario where insecure deserialization could lead to a Remote Code Execution (RCE) vulnerability in a Node.js application. Explain how to prevent this vulnerability.
  33. Can an ORM interact with database views? If so, explain how this is typically accomplished and what the limitations are.
  34. Compare and contrast monolithic and microservices architectures for building a backend system. What are the key implications for REST API design in a microservices architecture?
  35. Beyond the standard joins, explain the purpose and provide practical use cases for both a `CROSS JOIN` and a `SELF JOIN` in SQL. Illustrate with examples.
  36. Beyond basic cookie settings, describe three advanced security measures or considerations you should implement to harden a session management system against sophisticated attacks.
  37. Describe a scenario where using a `PassThrough` stream would be beneficial. Explain your reasoning and provide a code example.
  38. Besides `pipeline`, what is the `stream.finished` utility used for, and why is it important for preventing resource leaks?
  39. Can the `StringDecoder`'s internal buffer grow indefinitely and cause a memory leak? Explain why or why not.
  40. Beyond basic logging, what specific tools can be used to effectively debug asynchronous errors in a production Node.js application?
  41. Compare and contrast Mocks and Stubs as types of test doubles. Provide a specific Node.js testing scenario where a Mock would be more appropriate than a Stub, and vice versa.
  42. Compare and contrast Spies and Fakes as types of test doubles. Provide a specific Node.js testing scenario where a Spy would be more appropriate than a Fake, and vice versa.
  43. Can code inside a `vm` sandbox access the filesystem? Explain why or why not, and how you might safely provide such functionality.
  44. A valid signature is failing verification. What are common non-cryptographic reasons for this, and how can they be mitigated?
  45. Compare and contrast `crypto.subtle.wrapKey` and `crypto.subtle.encrypt`. When would you choose one over the other?
  46. Describe a scenario where a seemingly innocuous dependency could introduce a significant security vulnerability into your Node.js application, even if it passes all automated security scans.
  47. Describe a scenario where using `assert.doesNotThrow` could lead to unexpected test failures or false positives. Provide an example and explain how to mitigate the issue.
  48. Explain why throwing a custom `RangeError` is a better approach than using `assert` for runtime input validation in the given function.
  49. Analyze the following `package.json`. Identify the security vulnerabilities related to its dependency management and suggest improvements.
  50. Analyze the following `package.json` file. Identify the security vulnerabilities related to dependency management and suggest improvements. Consider both direct and transitive dependencies.