Backend Flashcards
What is Node.js?
Node.js is an open-source, cross-platform JavaScript runtime environment that executes JavaScript code outside of a web browser. It allows developers to use JavaScript to write command-line tools and server-side scripts to produce dynamic web page content before the page is sent to the user’s web browser. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, particularly well-suited for data-intensive real-time applications.
What is a runtime environment?
A runtime environment is the environment in which a program or application is executed. It’s a platform that provides the necessary components to execute and run software applications. For Node.js, the runtime environment includes everything needed to execute a JavaScript program, such as:
The V8 JavaScript engine (same as in Google Chrome)
Core modules and APIs
Event loop for asynchronous operations
Access to the file system and network operations
A module system for organizing and reusing code
The runtime environment handles memory management, provides access to system resources, and ensures that programs can interact properly with the operating system.
What is the difference between req.params and req.query?
In Express.js (a popular Node.js framework):
req.params: Contains route parameters (URL segments) that are captured from named route placeholders. For example, in the route /users/:id, the value of the :id segment would be available as req.params.id.
Example: For the route /users/123, req.params.id would be "123".
req.query: Contains the query string parameters from the URL (what appears after the ? in a URL). These are key-value pairs used for optional parameters.
Example: For the URL /users?sort=name&limit=10, req.query would be { sort: "name", limit: "10" }.
What is body-parser and what does it do?
body-parser is a middleware for Express.js that extracts the entire body portion of an incoming request stream and exposes it on req.body as something easier to interface with. It processes various types of request bodies:
Parses JSON payloads (application/json)
Parses URL-encoded forms (application/x-www-form-urlencoded)
Parses raw text bodies (text/plain)
Can handle multipart bodies (multipart/form-data) through additional libraries
Without body-parser (or its equivalent functionality now built into Express), req.body would be undefined or unparsed, making it difficult to access data submitted in POST requests.
What security mechanisms are available in Node.js?
Node.js and its ecosystem offer several security mechanisms and practices:
HTTPS Module: For secure communication over encrypted connections
Helmet: A middleware that helps secure Express apps by setting various HTTP headers
Input Validation and Sanitization: Libraries like express-validator, validator.js, or joi to validate user input
Authentication and Authorization: Modules like Passport.js, and token formats such as JWT (JSON Web Tokens)
Rate Limiting: To prevent brute force and DoS attacks
Content Security Policy (CSP): To mitigate cross-site scripting and data injection attacks
Dependency Security: Using tools like npm audit to scan for vulnerable dependencies
Environment Variables: For secure configuration management
CSRF Protection: Middlewares to prevent cross-site request forgery
Session Management: Secure cookie handling and session management libraries
Implementing proper security requires a combination of these mechanisms along with keeping the Node.js runtime and dependencies up to date.