1. Can you explain the purpose of each type of HTTP Request when using a RESTful web service?
  • RESTful web services rely heavily on HTTP by design. They use different HTTP methods to perform their job and use HTTP response codes to inform clients about the success or failure of a particular request. REST stands for Representational State Transfer, and it uses HTTP to allow two systems to communicate via remote calls.
  1. What’s a test pyramid? How can you implement it when talking about HTTP APIs?
  • The test pyramid is a concept developed by Mike Cohn. Its essential point is that you should have many more low-level unit tests than high-level end-to-end tests running through a GUI. A test pyramid gives a graphical representation of a best-case test scenario: a large number of low-level unit tests (around 70%), comparatively few high-level end-to-end system tests (about 10%), and an intermediate layer of integration tests sandwiched in between, which adds up to around 20%. In other words, when writing test cases there should be a lot more low-level unit tests than high-level end-to-end tests. When talking about HTTP APIs, it may come down to this:
  • a lot of low-level unit tests for your models
  • fewer integration tests, where you test how your models interact with each other
  • far fewer acceptance tests, where you test the actual HTTP endpoints.
  1. What is the “demultiplexer”?
  • A demultiplexer, abbreviated DEMUX, is a data distributor. It is the opposite of a multiplexer (MUX): it takes information from one input and transmits it over one of many outputs.
  1. What’s the difference between “blocking” and “non-blocking” functions?
  • A blocking call waits for the I/O operation to complete before returning. Its results are returned synchronously, and nothing else in that process takes place during the wait. In contrast, a non-blocking call returns immediately without results and uses alternate means to check for completion. Other processing can be done while waiting, and the results are returned asynchronously. Node.js libraries and the core API provide non-blocking calls that can be used to build performant applications. Such applications make use of I/O waiting time to serve other requests.
  1. What are the main security implementations within NodeJS?
  • You can limit concurrent requests using a middleware. Extract secrets from config files or use packages to encrypt them! Also, prevent query injection vulnerabilities with ORM/ODM libraries. Those are a few I found to really help! You can also avoid DoS attacks by explicitly setting when a process should crash.
  1. Explain the “path” module in NodeJS.
  • path is the name of the module to be included; it is stored in the variable path (var path). One can also use const instead of var. We could use any other name (on the left side of =) instead of path, but it is a universal convention to use the same name as the module.
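
The concurrent-request limiting mentioned in the NodeJS security answer above, as an added example (not code from the original page): an Express/Connect-style middleware that caps in-flight requests and answers 503 with Retry-After once the cap is reached. The names limitConcurrency and fakeResponse are hypothetical, and fakeResponse is a constructed stand-in for http.ServerResponse so the block runs offline.

```javascript
// Added example: Express/Connect-style middleware (req, res, next).
// limitConcurrency and its parameters are hypothetical names, not a library API.
function limitConcurrency(maxInFlight, retryAfterSeconds = 1) {
  if (!Number.isInteger(maxInFlight) || maxInFlight < 1) {
    throw new RangeError('maxInFlight must be a positive integer');
  }
  let inFlight = 0;

  const middleware = (req, res, next) => {
    if (inFlight >= maxInFlight) {
      // Shed load early, before any expensive handler work runs.
      res.statusCode = 503;
      res.setHeader('Retry-After', String(retryAfterSeconds));
      res.end('Server busy');
      return;
    }
    inFlight += 1;
    let released = false;
    const release = () => {
      // 'finish' and 'close' can both fire for one response; count it once.
      if (released) return;
      released = true;
      inFlight -= 1;
    };
    res.once('finish', release); // response fully sent
    res.once('close', release);  // client disconnected mid-response
    next();
  };
  middleware.inFlight = () => inFlight; // exposed for monitoring and tests
  return middleware;
}

// Constructed stand-in for http.ServerResponse so the example runs offline.
function fakeResponse() {
  const handlers = {};
  return {
    statusCode: 200,
    headers: {},
    setHeader(name, value) { this.headers[name] = value; },
    end() { this.emit('finish'); },
    once(event, fn) { (handlers[event] = handlers[event] || []).push(fn); },
    emit(event) { (handlers[event] || []).splice(0).forEach((fn) => fn()); },
  };
}
```

In an Express application the middleware would be registered ahead of the route handlers so that rejected requests never reach them.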