DEV Community

7 Hardest Node.js Interview Questions & Answers

Alex 👨🏼‍💻FullStack.Cafe on July 18, 2018

Node.js is an open-source, cross-platform JavaScript run-time environment that executes JavaScript code server-side. Node.js lets developers use J...
Collapse
 
jesseditson profile image
Jesse Ditson

I’m glad folks are posting interview questions on here, we can all do better when it comes to crafting them. In light of that, i’ve noticed a pattern of asking questions like “what is the reactor pattern” that I personally think are pretty counter productive. Asking about industry terminology rather than the application of said concepts locks out non-industry (e.g. self-taught) folks, who are otherwise likely going to be some of your best candidates!

Thank you for the post, some other questions on here are quite good. Hopefully discussions like this can help us all hire the very best people.

Collapse
 
nahuef profile image
Nahuel

Thank you, I can totaly relate to this, I've working with NodeJS self-taught for almost 3 years now, and I've never read anything about "reactor pattern"... Had no idea that that, had a name.

Collapse
 
sagar profile image
Sagar

sometimes, the interviewer asks the reactor pattern question. I completely disagree with them. why does the interviewer ask indirect questions to just show the candidate he/she is smarter?

Collapse
 
erebos-manannan profile image
Erebos Manannán • Edited

in your Q7 the "solution" does not perform the same actions as the first one, you're ignoring the arguments, and using console.log instead of res.send .. I'd fail you for that answer

also LTS is not a Node.js term, it's a generic term .. you will find it in use in linux distros and many other places

oh and I massively disagree on these difficulty ratings

Collapse
 
pawda profile image
Memoria

Indeed Q7 answer's is totally wrong and don't do the same as the first version.
if "someOtherFunction" throw it will print and continue with execution of "somethingElseFunction".

The second answer is even more wrong as it includes a try/catch

Collapse
 
rodrigues profile image
Leandro Rodrigues

Hi Guys,

Quick question - At Q1 what do you mean with "secrets are kept outside committed code". Could you provide an example?

Collapse
 
erebos-manannan profile image
Erebos Manannán

it means you don't put your mysql password, paypal login information, etc. in your version control so it's basically safe to show your version control to someone without them getting access to your accounts or servers

how you do it, is by e.g. creating a config.local.* -file that you never store in the version control and generate for each environment, or by reading some variables from the environment, or some such .. often you will want to use a system like Kubernetes, SaltStack, Chef, or some such to manage these secrets and their deployments securely

Collapse
 
acostalima profile image
André Costa Lima • Edited

I agree, but the example posted is not consistent with what you said above or it is somewhat misleading. The example appears to demonstrate storage of sensitive configuration data in a JS module which is being required in the code. The best practice is to read configuration from environment variables directly, no?

Thread Thread
 
erebos-manannan profile image
Erebos Manannán

I have no idea where you came up with this "best practice" from, it's one way to deal with it. The file is just fine as well as long as you don't store it in version control, i.e. add it to your .gitignore or similar.

If someone gets on the server they can read the process environment just as well as the file.

Thread Thread
 
pawda profile image
Memoria

Being able to pass secret by environment variable is a MUST and part of the 12 factors.
12factor.net/config

You also need to commit your config file otherwise new people needs to understand how to works.
You could have a config.default but then it means you will have to maintain it and deal with optional configuration.

Thread Thread
 
erebos-manannan profile image
Erebos Manannán • Edited

You quote the "12 factors" as if it is your holy book, that alone is something to worry about.

Also the only real point that page has is:

A litmus test for whether an app has all config correctly factored out of the code is whether the codebase could be made open source at any moment, without compromising any credentials.

That doesn't mean or even hint at the need for environment variables, simply that your secrets and similar configuration isn't committed to your source in a human readable format. You CAN even commit your secrets and still pass that check, if you encrypt them so they can only be decrypted in the environment they're deployed to (often employed strategy e.g. when working with Salt Stack).

There is no reason secrets "must" be passed by environment variables. That might be a necessary strategy for the way you make your deployment, but not for everyone.

but then it means you will have to maintain it, like all of your code. I don't see what makes that a problem.

What I do often is commit a config that works for dev environment with a filename like config.example.*, and then simply deliver another config file for other deployments.

Additional concern is making sure your devs will have to spend minimal effort on fixing their environment, so it's even regularly worth symlinking or otherwise automating the use of your dev config in dev envs in a way that it doesn't accidentally get used on other environments if the config isn't properly created there.

Thread Thread
 
erebos-manannan profile image
Erebos Manannán

One fun thing is when you specifically work with languages such as Python. If you have a file called settings.py which contains your settings coding against it is super easy from settings import PAYPAL_USER, and reconfiguring your app during unit testing is super convenient as you can just monkey patch the module.

This file can additionally of course have logic that reads environment variables into it, something like:

# settings.py
import sys
import os

PAYPAL_USER = "foo"
# ...

_l = dir(sys.modules[__name__])
for _key in os.environ:
    if _key in _l:
        setattr(sys.modules[__name__], _key, os.environ[_key])
Thread Thread
 
pawda profile image
Memoria

Regarding the config.example issue.

It is recognized as a bad practice because you're creating a file that is not requested anywhere and waiting to rot.

It falls as the same category as bad comments hinted by Robert C. Martin, Martin Fowler as well as others that have written on clean architecture and code.

Your devs will use their config.dev which is not committed so any time a new config need to be added or removed, there is no strong obligation to change the config.example file because everything will still work the way it is.

If you've ever work on projects with a big team either enterprise or open source. Many of projects using config.example simply doesn't work out of the box because of the config.example being just a piece of lies.

As for 12factors, well the 3rd point, says explicitly:

III. Config

Store config in the environment

I've mentioned the 12factors since the OP already mentioned it in another of his post.

Now without it being the holy grail or anything, it's a set of "best" practices that most if not nearly all recent IT books are derived from when they're talking about production ready code. Not having heard of it in 2018 is something to worry about.

@acostalima was asking if env was a best practice and you cannot deny him that.

You surely could do another way, a best practice doesn't mean the "one and only".

As you say is depends on your way of deployment. For example, if you're running on cloud providers like AWS, then use of secret manager makes a lot of sense for any secrets config.

Thread Thread
 
erebos-manannan profile image
Erebos Manannán

Your devs will use their config.dev which is not committed

Um no, don't do that. Use a config that IS committed as the developer environment config, so when you add something to it you automatically set the correct value for all other devs.

Anyway, there is little point in continuing this.

Thread Thread
 
acostalima profile image
André Costa Lima

Thanks you both for your insights. 🙂

Collapse
 
johntomcy profile image
Tomcy John

You could and should use a secret management external product line hashicorp vault and manage secrets there. From node use vault to retrieve the secrets as and when needed. This is one of the best approach that I know off.

Collapse
 
asyncawait3 profile image
AsyncAwait • Edited

In the last example since there is now dependency in async functions, why not just:

const check = (req, res) =>
  Promise.all([someOtherFunction(), somethingElseFunction()])
    .then(() => res.send('result'))
    .catch((error) => res.send(error.stack))
Collapse
 
pawda profile image
Memoria

only if "somethingElseFunction" does not depends on the result of "someOtherFunction"

Collapse
 
jexah profile image
Jeremy Short

This is not correct, because in your code, both functions will run concurrently, whereas in the original code, they run sequentially.