Last year a backend engineer I know spent three weeks grinding LeetCode before a senior Node.js role at a logistics startup. He passed the algorithmic screen without trouble, then got tripped up in the system design round when the interviewer asked why his proposed architecture would create a backpressure problem at 10,000 concurrent users. He’d never thought about Node.js streams seriously. He knew the event loop existed but couldn’t explain what actually blocks it.
Node.js interviews have a specific pattern. The first filter is conceptual: do you understand why Node.js works the way it does, not just how to use it. The second filter is practical: can you reason through a real performance problem or architecture decision under pressure. The 47 questions below cover both filters, roughly in order of difficulty.
The event loop questions everyone faces
Every Node.js interview starts here. The interviewers who ask these questions aren’t looking for a recitation of the spec. They’re watching whether you can reason through a concrete example.
- What are the six phases of the Node.js event loop, in order? What happens during the poll phase specifically?
- What’s the difference between process.nextTick() and setImmediate()? Which executes first, and in which phase?
- Explain what “non-blocking I/O” means in the context of a file read in Node.js. What’s actually happening while the file read is pending?
- The libuv thread pool defaults to 4 threads for file I/O, DNS, and crypto. What happens to your application if all 4 are occupied and another I/O request comes in?
- Give me an example of something that would actually block the event loop. What happens to pending I/O callbacks during that block?
- What is a microtask? How do Promise callbacks relate to the event loop phases?
- Explain why a CPU-intensive operation (like compressing a 50MB file synchronously) is more dangerous in Node.js than in a language like Java with a traditional thread-per-request model.
On the thread pool question: a lot of candidates know the default is 4 and know it can be changed via UV_THREADPOOL_SIZE. Fewer know that this affects crypto.pbkdf2 specifically, which is a common source of production latency spikes when you have a lot of password hashing under load. That detail separates candidates who’ve debugged real systems from candidates who’ve read the documentation.
Async patterns beyond the basics
Callbacks are mostly gone from new code, but interviewers still ask about them because understanding callback hell explains why Promises and async/await exist. You need to be able to move fluently between all three.
- Write a function that reads three files sequentially using callbacks, then rewrite it to use Promises, then async/await. What does each version handle differently when a file is missing?
- What does Promise.all() do when one of the promises rejects? What about Promise.allSettled()?
- Explain the difference between Promise.race() and Promise.any().
- What happens if you use await inside a forEach loop? Why doesn’t it work the way most people expect?
- What is an async generator? When would you actually use one over a regular async function?
- Explain the “unhandled promise rejection” warning. How does its behavior change between Node.js 14 and Node.js 18?
- What does util.promisify() do under the hood?
The forEach/await question is a classic trap. The expected wrong answer is “it awaits each iteration.” The correct answer is that forEach doesn’t wait for async callbacks, so all iterations fire simultaneously and the outer function doesn’t wait for any of them. I’ve seen this come up in actual production bugs, not just interviews.
Express, middleware, and real HTTP concerns
- What is the difference between app.use() and app.get() in Express? How does middleware order affect which middleware runs?
- How does Express handle errors in async route handlers? What’s the standard pattern for catching them?
- What is the difference between res.send() and res.json()? Does it matter?
- Explain how to implement rate limiting in Express without a third-party library. What data structure would you use to track request counts?
- What does the X-Powered-By header do and why would you remove it?
- How would you implement request validation middleware that returns consistent error shapes?
- Explain what helmet.js does and why it matters for production Node.js APIs.
Scaling, performance, and the questions that filter senior candidates
The Stack Overflow Developer Survey 2024 shows Node.js as the most commonly used web technology for the fifth year running. The market for senior Node.js engineers is real and competitive. These questions are where senior candidates get separated from mid-levels.
- Node.js runs on a single thread. How do you scale a Node.js application across multiple CPU cores? What does the cluster module do, and how is it different from running multiple PM2 instances?
- What is backpressure in Node.js streams? Give me a real example of when it would occur and how you’d handle it.
- Explain the readable, writable, duplex, and transform stream types. Which would you use to process a 2GB CSV file without loading it into memory?
- What’s the difference between connection pooling in pg (node-postgres) and Sequelize? What happens if you don’t pool connections?
- TCP connection establishment takes approximately 100 milliseconds. How does this affect a Node.js service making 200 outbound HTTP calls per request, and how would you fix it?
- What is V8 garbage collection, and what code patterns lead to memory leaks in long-running Node.js processes?
- How would you use worker_threads for a CPU-intensive task without blocking the event loop? What are the limitations?
- Describe how you’d implement circuit breaking in a Node.js microservice that calls a flaky downstream API.
The TCP connection question has a real answer: connection pools and HTTP/2 multiplexing. But what I find interesting is that most candidates who’ve built Node.js services at scale know this instinctively and can’t explain why. If you’ve never profiled the connection overhead, spend 20 minutes with the Node.js built-in performance hooks before your interview.
Authentication, security, and database questions
- What’s the difference between authentication and authorization? How do you implement both in an Express API?
- Explain JWT structure. What are the security risks of storing a JWT in localStorage versus an httpOnly cookie?
- What is a timing attack on a string comparison? How do you prevent it in a Node.js password verification function?
- How does bcrypt work? Why is its slowness a feature rather than a bug?
- Describe how you’d prevent SQL injection in a raw pg query. How is this different from parameterized queries in Sequelize?
- What is CORS and what does the preflight request do? How would you configure CORS in Express to allow requests from two specific origins?
- What is the difference between a connection string and connection pooling in terms of Postgres connections? What happens at 500 concurrent users if you’re not pooling?
Architecture and the open-ended questions for senior/staff levels
- You’re building a real-time notification system for 50,000 concurrent users. Would you use WebSockets, Server-Sent Events, or long polling? Walk through the tradeoffs for a Node.js backend specifically.
- How would you add a message queue (like BullMQ or Kafka) to a Node.js API? What problem does it solve that a direct async function call doesn’t?
- Explain the difference between monorepo and polyrepo for a Node.js backend with 6 microservices. What would push you toward one versus the other?
- How would you set up structured logging in a Node.js service running in Kubernetes? What fields would you include in every log line?
- Walk me through how you’d debug a memory leak in a Node.js service that shows steadily increasing heap usage over 48 hours.
- Your Node.js service starts timing out on database queries under load, but only intermittently. What are your first five hypotheses and how do you test them?
If you’re preparing for senior-level Node.js interviews, the architecture questions are where candidates with real production experience show it. You can memorize answers to the event loop questions. You can’t fake having debugged a real memory leak under a 30-minute incident window.
If you want to practice talking through these out loud with follow-up pressure, Craqly’s interview practice mode can push back on your answers the way a real interviewer would, which is hard to replicate with static prep materials.
One honest caveat: the line between “Node.js interview” and “backend systems interview” has blurred at larger companies. If you’re targeting roles at Stripe, Shopify, or similar, expect questions that are more about distributed systems and less about Node.js-specific APIs. The event loop section above still applies, but the architecture section gets heavier. Adjust your prep accordingly.