Express.js

Routing, middleware, error handling, and Express patterns asked in Node backend interviews.

21 notes View all on one page

2 Fundamentals

What is Express Express vs Koa vs Fastify vs NestJS

3 Routing

Routing Basics Route Parameters & Query Strings Router & Modular Routes

4 Middleware

Middleware Concept Built-in Middleware Third-party Middleware Error-handling Middleware

3 Request & Response

Request Object Response Object Static Files & Templating

3 Security

CORS Helmet Rate Limiting

3 Auth & Validation

Authentication Patterns Sessions vs JWT Request Validation

3 Production

File Uploads (multer) Async Error Handling Testing with Supertest

Fundamentals

What is Express

A minimal, unopinionated web framework that sits on top of Node's http module.

beginner express fundamentals http

Express vs Koa vs Fastify vs NestJS

When to pick which Node web framework — performance, structure, and tradeoffs.

intermediate express koa fastify

Routing

Routing Basics

Defining routes with app.get/post/put/delete and sending responses.

beginner express routing http

Route Parameters & Query Strings

Reading dynamic URL segments with req.params and ?key=value with req.query.

beginner express routing params

Router & Modular Routes

Use express.Router() to split routes across files and keep large apps organized.

intermediate express router structure

Middleware

Middleware Concept

The core mental model of Express — req, res, next, and the pipeline.

intermediate express middleware next

Built-in Middleware

express.json, express.urlencoded, express.static, and express.Router.

beginner express middleware body-parser

Third-party Middleware

The essential npm middleware: cors, helmet, morgan, compression, cookie-parser, and body-parser — what each does and when to reach for it.

intermediate express middleware npm

Error-handling Middleware

The special 4-argument middleware that catches errors thrown anywhere in our app — why the signature matters and why order is everything.

intermediate express middleware errors

Request & Response

Request Object

Everything we can pull off req: params, query, body, headers, cookies, ip, path — the data we need from the client.

beginner express request

Response Object

The res object — sending JSON, setting status codes, redirects, file downloads, and chaining it all together.

beginner express response

Static Files & Templating

Serving CSS/JS/images with express.static, and rendering HTML on the server with EJS, Pug, or Handlebars.

beginner express static templating

Security

CORS

Cross-Origin Resource Sharing — why the browser blocks our frontend from calling our API, and how the cors middleware fixes it.

intermediate express cors security

Helmet

One line of middleware that sets a dozen security headers — what they block and why each one matters.

intermediate express security headers

Rate Limiting

Protecting Express APIs from abuse with express-rate-limit, comparing algorithms and stores.

intermediate express security rate-limiting

Auth & Validation

Authentication Patterns

Passport.js strategies vs custom middleware, plus refresh token flows in Express.

intermediate express auth passport

Sessions vs JWT

The classic interview tradeoff: stateful sessions with Redis vs stateless JWT tokens.

intermediate express auth sessions

Request Validation

Validating bodies, queries and params with express-validator, Zod, and Joi.

intermediate express validation zod

Production

File Uploads (multer)

Handling multipart/form-data uploads in Express with disk vs memory storage.

intermediate express multer uploads

Async Error Handling

The Express 4 async/await catch-22, the express-async-errors patch, and Express 5's native fix.

intermediate express async errors

Testing with Supertest

Testing Express routes without running a server, using Jest/Vitest + Supertest.

intermediate express testing supertest