Arrays & Strings
must
Two pointers, sliding window, prefix sum
Sub-array sum, longest substring without repeat, max sliding window
Binary search & variations
Search in rotated array, find peak, lower/upper bound — know all templates
Sorting algorithm internals
Merge sort, quick sort, counting sort — know time/space complexity of each
Linked List, Stack, Queue
must
Linked list operations
Reverse, detect cycle (Floyd's), merge sorted lists, LRU cache implementation
Monotonic stack & queue
Next greater element, largest rectangle in histogram, sliding window max
Trees & Graphs
must
Binary tree traversals (all 4)
Inorder, preorder, postorder, level-order — iterative + recursive both
BST operations + balanced trees
Insert, delete, validate BST, lowest common ancestor
Graph: BFS, DFS, cycle detection
Directed & undirected, connected components, topological sort
Shortest path algorithms
Dijkstra, Bellman-Ford — understand when to use which
Union-Find (Disjoint Set)
Path compression + union by rank — used in network connectivity problems
Dynamic Programming
must
1D DP: fibonacci, climbing stairs, house robber
Learn memoization → tabulation conversion pattern
2D DP: knapsack, LCS, edit distance
State definition is the key skill — practice identifying dp[i][j] meaning
DP on trees & interval DP
Matrix chain multiplication, burst balloons
Heaps, Tries, Backtracking
good
Min/max heap, priority queue patterns
Top-K elements, merge K sorted lists, median from data stream
Trie: insert, search, prefix match
Autocomplete, word search — common in backend search feature design
Backtracking: subsets, permutations
Learn the template: choose → explore → unchoose
Node.js internals
must
Event loop — all phases in depth
timers → I/O → idle → poll → check → close; microtask queue (Promise, process.nextTick)
Streams & buffers
Readable, Writable, Transform streams — pipe, backpressure, chunked file processing
Worker threads vs child process vs cluster
When to use each; CPU-bound vs I/O-bound task handling
Memory management & GC
V8 heap (new/old space), memory leaks, heap profiling with --inspect
NestJS architecture
must
Module system, DI container, providers
Custom providers, useFactory, useClass, circular dependency resolution
Guards, Interceptors, Pipes, Filters
Execution order, global vs route-level, custom implementations
Middleware & request lifecycle
middleware → guard → interceptor (pre) → pipe → handler → interceptor (post) → filter
WebSocket gateway in NestJS
@WebSocketGateway, socket.io adapter, namespace/room management
API design
must
REST best practices
Resource naming, HTTP verbs, status codes, versioning (URI vs header), HATEOAS concept
Pagination patterns
Offset vs cursor-based — know when cursor pagination is essential (large datasets)
Rate limiting strategies
Fixed window, sliding window, token bucket, leaky bucket — implement with Redis
GraphQL basics
Schema, resolvers, N+1 problem (DataLoader), when to choose over REST
Auth & Security
must
JWT deep dive
Header.Payload.Signature, access + refresh token pattern, rotation, Redis blacklist revocation
OAuth 2.0 flows
Authorization code + PKCE, client credentials — know which flow for which use case
RBAC implementation
Role → Permission mapping, attribute-based access control (ABAC) concept
Security hardening
Helmet.js, CORS config, SQL injection, XSS, CSRF tokens, input sanitisation
Testing
good
Unit testing with Jest
Mocking (jest.fn, spyOn), testing services in isolation, coverage reports
Integration & E2E testing
Supertest for API testing, test DB setup/teardown, test containers
Load testing with k6
Write load test scripts, interpret p95/p99 latency results, benchmark before/after
PostgreSQL internals
must
Indexing in depth
B-tree, Hash, GIN, GiST — composite, partial, covering indexes, index-only scans
EXPLAIN ANALYZE & query planner
Seq scan vs index scan vs bitmap scan, cost estimation, identifying slow queries
Transactions & isolation levels
READ COMMITTED, REPEATABLE READ, SERIALIZABLE — dirty read, phantom read, non-repeatable read
Locks
Row-level vs table-level, SELECT FOR UPDATE, advisory locks, deadlock detection
Partitioning & sharding concepts
Range, list, hash partitioning; horizontal sharding strategies
Replication
WAL-based streaming replication, read replicas, failover
MongoDB
must
Aggregation pipeline
$match, $group, $lookup (join), $unwind, $project, $facet — optimisation order matters
Schema design patterns
Embed vs reference — bucket pattern, outlier pattern, computed pattern
Change streams & transactions
Multi-document ACID transactions (4.0+), change streams for real-time sync
Redis
must
Data structures & use cases
String (cache), Hash (session), List (queue), Set, ZSet (leaderboard), HyperLogLog (count distinct)
Caching patterns
Cache-aside, write-through, write-behind — TTL strategy, cache stampede prevention
Pub/Sub & Streams
Redis Streams vs Pub/Sub — consumer groups, message acknowledgement, replay
Redis Cluster & persistence
RDB vs AOF, cluster sharding with hash slots, sentinel for HA
ORMs
good
TypeORM — entities, relations, migrations
OneToMany, ManyToMany, lazy vs eager loading, query builder vs repository
Prisma — schema, client, migrations
Prisma schema language, raw queries, nested writes, upsert patterns
Docker
must
Dockerfile best practices
Multi-stage builds, layer caching, non-root user, .dockerignore, minimal base images (alpine)
Docker Compose for local dev
Multi-service setup, volumes, networks, healthchecks, depends_on with condition
Container networking
Bridge, host, overlay networks — container DNS, port publishing
AWS essentials
must
EC2 — setup, SSH, security groups
AMIs, instance types, Elastic IP, key pairs, inbound/outbound rules
S3 — buckets, presigned URLs, lifecycle
Bucket policies, CORS, presigned URL generation, storage classes
IAM — roles, policies, least privilege
Role-based access, instance profiles, policy documents
RDS, ElastiCache, SQS basics
Managed PostgreSQL/Redis vs self-hosted trade-offs; SQS for decoupled queuing
Load balancer & auto scaling
ALB vs NLB, target groups, health checks, ASG with CPU-based scaling policy
CI/CD
must
GitHub Actions workflows
Triggers, jobs, steps, secrets, matrix builds, caching node_modules/Docker layers
Build → test → deploy pipeline
Lint → unit test → build Docker image → push to ECR → SSH deploy to EC2
Environment management
dev / staging / prod environments, env-specific secrets, blue-green deployment concept
Nginx & Messaging
good
Reverse proxy & load balancing config
upstream block, proxy_pass, least_conn, ip_hash strategies
SSL termination with Certbot
Let's Encrypt, auto-renewal, HTTPS redirect, HSTS headers
Kafka internals in depth
Topics, partitions, consumer groups, offset management, at-least-once vs exactly-once delivery
SOLID principles
must
Single Responsibility
Split UserService into AuthService + ProfileService + NotificationService — one reason to change
Open/Closed
Add new payment method without touching existing PaymentService — extend, don't modify
Liskov, Interface Segregation, DI
Program to abstractions — inject interfaces not implementations (NestJS DI makes this natural)
Creational patterns
must
Singleton
DB connection pool, Redis client, config manager — implement with module-level caching
Factory & Abstract Factory
NotificationFactory → EmailNotifier / SMSNotifier / PushNotifier based on type
Builder
Complex query builder, email template builder — chained methods returning `this`
Structural patterns
must
Repository pattern
Abstract DB ops — UserRepository interface with PostgresUserRepository implementation
Adapter
Wrap third-party SDK (Stripe, Twilio) behind your own interface — swap vendors without changing business logic
Decorator & Proxy
Add logging/caching to a service without modifying it — NestJS interceptors are decorators in practice
Behavioural patterns
must
Observer / Event Emitter
Decouple event producers from consumers — NestJS EventEmitter2, Node.js EventEmitter
Strategy
Swap algorithms at runtime — AuthStrategy (JWT/OAuth/API Key), SortStrategy, PaymentStrategy
Chain of Responsibility
Middleware pipeline — request goes through auth → rate limit → validation → handler
Command pattern
Encapsulate actions as objects — job queue commands, undo/redo, CQRS commands
LLD systems to design & code
must
Parking Lot, Library Management, Hotel Booking
Class diagram + working TypeScript/JS code with all design patterns applied
Elevator System, ATM, Vending Machine
State machine pattern — identify states, transitions, and guards
Chess, Snake & Ladder, BookMyShow
Complex entity relationships, concurrency (seat locking), payment flow
Fundamentals
must
Capacity estimation
DAU → QPS → storage → bandwidth — practise back-of-envelope for every system
CAP theorem & BASE vs ACID
Consistency vs Availability trade-off — which to choose when, eventual consistency patterns
Horizontal vs vertical scaling
Stateless services, session externalisation to Redis, shared-nothing architecture
Load balancing strategies
Round-robin, least connections, consistent hashing — L4 vs L7 load balancers
Caching & CDN
must
Where to cache — browser, CDN, API gateway, app, DB
Cache invalidation strategies — TTL, event-driven invalidation, write-through
Cache stampede / thundering herd
Mutex lock, probabilistic early expiration, background refresh patterns
Databases at scale
must
Read replicas & CQRS
Separate read/write DB, replication lag handling, eventual consistency in reads
Database sharding
Shard key selection, consistent hashing ring, hotspot problem, cross-shard queries
When to use NoSQL vs SQL
Schema flexibility, write throughput, geospatial, time-series — pick the right DB for the use case
Messaging & async
must
Message queue vs event streaming
RabbitMQ (task queue) vs Kafka (event log) — retention, replay, consumer groups
Idempotency & at-least-once delivery
Idempotency keys, deduplication, outbox pattern for guaranteed delivery
Saga pattern for distributed transactions
Choreography vs orchestration sagas — compensating transactions on failure
HLD systems to design
must
URL Shortener, Rate Limiter, Notification System
These 3 cover caching, Redis patterns, async queues — most common in interviews
Twitter Feed, WhatsApp, Uber
Fan-out on write vs read, WebSocket at scale, geospatial indexing
YouTube, Google Drive, Search Autocomplete
Object storage, CDN, chunked upload, inverted index, trie at scale
Payment system, Stock exchange, Ad click aggregation
Exactly-once semantics, ACID at scale, time-series aggregation, idempotency
Tier 1 — must build (on resume)
must
Real-Time Chat (WebSocket + Redis Pub/Sub)
Covers: WebSocket, horizontal scaling, presence tracking, message persistence, JWT auth
URL Shortener with Analytics
Covers: 3-layer caching, async analytics pipeline, load testing with k6, materialized views
Multi-Tenant SaaS backend
Covers: schema isolation, Keycloak/OAuth, Kafka fan-out, dynamic tenant onboarding
Tier 2 — differentiate yourself
good
API Gateway / Rate Limiter (from scratch)
Build your own — sliding window in Redis, token bucket, route proxying with Nginx
Job Queue System (BullMQ-like, simpler)
Covers: Redis streams, worker concurrency, retry/DLQ, priority queues
E-commerce order service with Saga pattern
Covers: distributed transactions, compensating actions, Kafka choreography
Tier 3 — stand out
stand out
Distributed tracing (OpenTelemetry)
Instrument NestJS services, visualise traces in Jaeger/Zipkin
Custom ORM / query builder in TypeScript
Shows deep DB understanding — build a simple type-safe query builder
Open source contribution to NestJS / BullMQ / Prisma
Even a bug fix or docs PR — verifiable, carries enormous credibility with interviewers
Every project must have
must
README with architecture diagram
Recruiters and engineers both check GitHub — a good README doubles perceived quality
Docker Compose — one-command setup
docker-compose up should spin up app + DB + Redis + any queues automatically
Swagger / OpenAPI docs
Every endpoint documented — NestJS @ApiProperty decorators make this fast
Unit tests with >60% coverage
Shows production mindset — even a few well-written tests are better than none