Node.js job interview questions are some of the hardest to evaluate well. Not because the topics are obscure — but because most candidates can recite definitions without understanding what’s actually happening under the hood.
This guide covers 30 real Node.js job interview questions across all levels: junior, middle, and senior. Each question comes with what a good answer looks like, not just the textbook definition. Whether you’re an HR preparing for a backend hire or a developer getting ready for an interview — this is the list to work from.
Junior Node.js Job Interview Questions
These Node.js job interview questions test the basics. A junior who can answer these confidently has a solid foundation.
1. What is Node.js and how is it different from the browser?
Node.js is a JavaScript runtime built on Chrome’s V8 engine. It lets you run JavaScript outside the browser — on a server, in a terminal, anywhere. The key difference: the browser has the DOM, window, and document. Node.js has process, fs, http, and access to the file system. No DOM, no window.
2. What is the event loop?
The event loop is what makes Node.js non-blocking. JavaScript is single-threaded, so it can only do one thing at a time. The event loop lets Node.js handle multiple operations by offloading I/O tasks (like reading a file or making an HTTP request) and picking up the result when it’s ready. This is why Node.js can handle thousands of concurrent connections without spawning a new thread for each one.
3. What’s the difference between require and import?
require is CommonJS — the original Node.js module system. import is ES Modules (ESM), the modern standard. CommonJS loads modules synchronously. ESM is asynchronous and supports tree-shaking. Node.js supports both, but they don’t mix easily. You can’t require an ESM module directly.
4. What is npm and what does package.json do?
npm is the Node Package Manager — used to install, manage, and publish packages. package.json is the manifest for your project: it lists dependencies, scripts, the project name, version, and entry point. package-lock.json locks exact versions so the same install works on every machine.
5. What’s the difference between dependencies and devDependencies?
dependencies are packages your app needs to run in production (like express or axios). devDependencies are only needed during development (like jest, eslint, or nodemon). When you deploy, you typically install only dependencies with npm install --production.
6. What is a callback function?
A callback is a function passed as an argument to another function, to be called when an operation completes. Node.js used callbacks heavily before Promises became standard. Classic example: fs.readFile('file.txt', (err, data) => { ... }). The problem with callbacks: nesting them creates “callback hell” — hard-to-read, deeply nested code.
7. What is process.env?
process.env is an object containing environment variables. You use it to store configuration that changes between environments — like database URLs, API keys, or port numbers. You never hardcode these in your source code. Tools like dotenv load a .env file into process.env during development.
8. What does async/await do?
async/await is syntactic sugar over Promises. An async function always returns a Promise. await pauses execution inside that function until the Promise resolves. It makes asynchronous code read like synchronous code, which makes it easier to reason about and debug.
9. What is middleware in Express?
Middleware is a function that runs between the request and the response. It has access to req, res, and next. You use it for logging, authentication, parsing request bodies, handling errors, and more. Express apps are essentially a chain of middleware functions.
10. What’s the difference between == and ===?
== checks for equality with type coercion — so '5' == 5 is true. === checks for strict equality, no coercion — '5' === 5 is false. In Node.js (and JavaScript generally), always use === unless you have a specific reason not to.
Middle Level Node.js Job Interview Questions
These Node.js job interview questions go deeper. A middle developer should understand how things work, not just what they’re called.
11. Explain the difference between process.nextTick(), setImmediate(), and setTimeout().
All 3 schedule code to run asynchronously, but at different points in the event loop.
process.nextTick()runs before the next iteration of the event loop — even before I/O callbacks. Use it sparingly; too many can starve I/O.setImmediate()runs in the check phase, after I/O events.setTimeout(() => {}, 0)runs in the timers phase, but with a minimum delay (usually 1ms).
For most cases where you want “run this after the current operation”: setImmediate().
12. What are streams in Node.js and why do they matter?
Streams let you process data piece by piece instead of loading it all into memory. There are 4 types: Readable, Writable, Duplex (both), and Transform (modify data as it passes through). If you’re processing a 5GB log file, streams let you handle it without crashing the server. fs.createReadStream() and fs.createWriteStream() are the most common entry points.
13. What is the cluster module?
Node.js runs on a single thread. The cluster module lets you spawn multiple Node.js processes (workers) that share the same server port. Each worker runs on a separate CPU core. This is one way to use all available CPU cores — though tools like PM2 handle this for you in production.
14. How does error handling work in async/await?
With async/await, you wrap your code in try/catch. The catch block handles any rejected Promise. A common mistake: forgetting to handle errors at all, which causes silent failures. For unhandled rejections across the app, process.on('unhandledRejection', ...) is your safety net.
15. What is the difference between fs.readFile and fs.createReadStream?
fs.readFile loads the entire file into memory before passing it to your callback. Fine for small files. fs.createReadStream reads the file in chunks, emitting data as it goes. For large files, always use streams. Loading a 1GB file with readFile will exhaust your server’s memory.
16. What is CORS and how do you handle it in Express?
CORS (Cross-Origin Resource Sharing) is a browser security mechanism that blocks requests from a different domain unless the server explicitly allows it. In Express, you handle it with the cors package: app.use(cors()). In production, you specify which origins are allowed rather than allowing all of them.
17. What’s the difference between authentication and authorization?
Authentication is proving who you are (login, JWT, session). Authorization is deciding what you’re allowed to do (admin vs. regular user). They’re often confused but completely different concerns. Authentication comes first; you can’t authorize someone you haven’t identified.
18. What is a JWT and how does it work?
A JSON Web Token is a signed token containing a payload (usually user ID and roles). It has 3 parts: header, payload, signature — separated by dots. The server signs the token with a secret key. On each request, the client sends the token; the server verifies the signature. No database lookup needed for each request, which makes it fast. The downside: you can’t invalidate a JWT before it expires unless you maintain a blocklist.
19. How do you handle database connection pooling in Node.js?
Opening a new database connection for every request is slow and expensive. Connection pooling maintains a set of open connections that requests can reuse. Libraries like pg (PostgreSQL) and mongoose (MongoDB) handle pooling automatically. You configure the pool size based on your database’s connection limit and your traffic patterns.
20. What is the difference between SQL and NoSQL databases? When do you use each?
SQL databases (PostgreSQL, MySQL) store data in tables with a fixed schema. They’re great for structured data with clear relationships and strong consistency requirements. NoSQL databases (MongoDB, Redis) are more flexible — documents, key-value pairs, or graphs. Use NoSQL when your data structure changes frequently or when you need horizontal scaling at very high volumes. Most applications work fine with SQL.
Senior Level Node.js Job Interview Questions
These Node.js job interview questions test architecture thinking, performance, and real-world judgment.
21. How would you design a rate limiter in Node.js?
A basic rate limiter tracks how many requests a client has made in a time window. Simple implementation: a hash map of IP → {count, resetTime}. In production: use Redis for shared state across multiple server instances. Libraries like express-rate-limit handle the basics. For more complex scenarios (per-user, per-endpoint), you build custom middleware.
22. How do you prevent memory leaks in Node.js?
Common causes: event listeners that aren’t removed, closures holding references to large objects, caches that grow without bounds, global variables. Tools: --inspect flag + Chrome DevTools heap snapshots, clinic.js, memwatch-next. The fix is usually finding what’s holding a reference and releasing it. In production, monitoring memory usage over time is how you catch leaks before they crash the server.
23. What is the difference between horizontal and vertical scaling?
Vertical scaling: bigger server (more CPU, more RAM). Horizontal scaling: more servers. Node.js scales horizontally well because each instance is stateless (or can be made stateless). But stateful things — sessions, websocket connections, caches — need to be moved to shared infrastructure (Redis, a load balancer with sticky sessions) when you scale horizontally.
24. How do you structure a large Node.js application?
Common patterns: MVC (routes → controllers → models), or feature-based structure (each feature has its own folder with routes, controller, service, and model). The key principle: separate concerns. Business logic should not live in route handlers. Services handle business logic. Controllers handle HTTP. Repositories handle data access. This makes code testable and maintainable as the codebase grows.
25. What is event-driven architecture and when would you use it in Node.js?
Instead of services calling each other directly, they emit events that other services listen to. Node.js has a built-in EventEmitter. For distributed systems, you use a message broker (RabbitMQ, Kafka). Event-driven architecture decouples services — the emitter doesn’t need to know who’s listening. Good for: notification systems, audit logs, workflows where multiple things happen in response to one action.
26. How would you implement caching in a Node.js API?
Multiple layers: in-memory cache (a simple object or node-cache) for single-instance apps; Redis for distributed caching. You cache at the database query level, the service level, or the HTTP response level (with Cache-Control headers). Cache invalidation is the hard part — you need a strategy for when cached data becomes stale. TTL-based expiry is the simplest approach.
27. What are the security risks in a Node.js app and how do you mitigate them?
The main ones: SQL/NoSQL injection (use parameterized queries, never interpolate user input), XSS (sanitize output), CSRF (use tokens or SameSite cookies), dependency vulnerabilities (npm audit, Snyk), sensitive data in logs, overly permissive CORS. helmet is an Express middleware that sets secure HTTP headers with one line of code. Security is layered — no single fix covers everything.
28. How does Node.js handle CPU-intensive tasks?
Node.js is not good at CPU-intensive work. A heavy computation blocks the event loop, making the entire server unresponsive. Options: worker_threads for running CPU work in a separate thread; offloading to a separate microservice; using a job queue (Bull, BullMQ) to process heavy tasks asynchronously. For most web APIs, CPU-intensive operations shouldn’t happen in the request/response cycle.
29. What is graceful shutdown and how do you implement it?
When a server shuts down (deploy, crash, SIGTERM), in-flight requests should complete before the process exits. Graceful shutdown: stop accepting new connections, wait for existing requests to finish, close database connections, then exit. In Express, you listen for SIGTERM, call server.close(), and give it a timeout. Kubernetes sends SIGTERM before killing a pod — if you don’t handle it, requests get dropped mid-flight.
30. How would you approach debugging a performance bottleneck in production?
Start with observability: logs, metrics, distributed tracing (Jaeger, Datadog). Identify where time is spent — is it the database? An external API? CPU? For Node.js specifically: --prof flag generates a V8 profiler output. clinic.js gives you flame graphs without much setup. The process: measure first, identify the bottleneck, fix one thing at a time, measure again. Never optimize based on intuition alone.
How to Use These Node.js Job Interview Questions
A list of Node.js job interview questions is only as useful as the process around it. A few things that make interviews more effective:
- Ask the same questions to every candidate for the same role. Otherwise you’re comparing apples to oranges.
- Let candidates think out loud. The reasoning matters more than the answer.
- Follow up. “What would you do differently if the dataset was 10x larger?” reveals more than the initial answer.
- Take notes during the interview, not after. Memory is unreliable after back-to-back calls.
Save Time on Interview Prep
Preparing Node.js job interview questions manually before every call takes time — especially when you’re hiring for multiple roles at once.
In Tip-Top, you can pick questions from a ready-made library or generate custom ones for any role, level, and tech stack in seconds. No more starting from scratch each time.
Try it free → tip-top.io
ChatGPT
Perplexity
Claude
Calendly