Coding Prompts

Simulate a technical interview for a junior front-end developer position. Ask me questions about HTML, CSS, JavaScript, and a framework like React. Start with a simple coding challenge, like reversing a string.

What is Dependency Injection (DI)? How does it help in creating loosely coupled and more testable code? Provide a simple "before" and "after" code example in Java or C# that demonstrates the concept of constructor injection.

Explain the "Singleton" design pattern. What problem does it solve? Provide a code example of how to implement it in Java or Python. Discuss its pros and cons, and when it is appropriate to use.

I need to design a RESTful API for a social media application. The resources are Users, Posts, Comments, and Likes. Design the endpoints, including HTTP methods, URL structure, and request/response payloads. Provide examples for creating a new post and fetching comments for a post.

Let's do a system design interview. Your task is to design a URL shortening service like TinyURL. Discuss the requirements, API design, data model, and how you would handle scaling the service to millions of users. Draw a high-level architecture diagram.

Implement WebSocket for real-time features. Use cases: 1. Chat applications. 2. Live notifications. 3. Collaborative editing. 4. Live data dashboards. 5. Gaming multiplayer. 6. Stock tickers. Implementation: Establish connection, send/receive messages, handle disconnect, reconnect logic, heartbeat/ping-pong, scale with Redis pub/sub, authentication at connection. Use Socket.io or native WebSocket API.

Protect APIs with rate limiting. Strategies: 1. Fixed window (requests per minute). 2. Sliding window for smoother limits. 3. Token bucket for burst handling. 4. Leaky bucket for consistent rate. 5. Per-user vs global limits. 6. Redis for distributed rate limiting. 7. Return 429 with Retry-After header. 8. Different tiers for API keys. Use middleware like express-rate-limit. Implement exponential backoff guidance.

Implement caching with Redis. Patterns: 1. Cache-aside (lazy loading). 2. Write-through (update cache on write). 3. Write-behind (async cache updates). 4. Cache invalidation strategies. 5. TTL for automatic expiration. 6. Key naming conventions. 7. Data structures (strings, hashes, lists, sets). 8. Pub/Sub for real-time. Use for session storage, rate limiting, leaderboards. Monitor memory usage.

Design intuitive REST APIs. Guidelines: 1. Noun-based resource URLs. 2. HTTP methods correctly (GET, POST, PUT, DELETE, PATCH). 3. Proper status codes (200, 201, 400, 404, 500). 4. Versioning strategy (/v1/). 5. Pagination for large collections. 6. Filtering, sorting, searching. 7. HATEOAS for discoverability. 8. Consistent error format. Use JSON. Document with OpenAPI/Swagger. Implement rate limiting.

Scan for security vulnerabilities. Tools: 1. SAST (Snyk, SonarQube) for code analysis. 2. DAST for runtime scanning. 3. Dependency scanning (npm audit, Dependabot). 4. Secret detection (GitGuardian). 5. Container scanning. 6. Infrastructure as Code scanning. Integrate in CI/CD. Fix critical issues immediately. Use OWASP Top 10 as guide. Regular security reviews.

Build serverless with AWS Lambda. Architecture: 1. Function handler receives event. 2. Stateless execution. 3. Cold start optimization. 4. Environment variables for config. 5. IAM roles for permissions. 6. API Gateway for HTTP triggers. 7. EventBridge for scheduling. 8. CloudWatch for logs and monitoring. Use Serverless Framework or SAM. Keep functions small and focused. Mind execution time limits.

Practice test-driven development. Workflow: 1. Write failing test first (Red). 2. Write minimal code to pass (Green). 3. Refactor while keeping tests green. 4. Repeat cycle. Benefits: Better design, confidence, documentation. Write tests for: edge cases, error handling, happy path. Use describe/it structure. Keep tests fast and isolated. Mock external dependencies.

Implement JWT auth securely. Flow: 1. User login with credentials. 2. Server validates and creates JWT. 3. Client stores JWT (httpOnly cookie or memory). 4. Include JWT in Authorization header. 5. Server verifies signature and claims. 6. Refresh tokens for long sessions. 7. Token expiration and renewal. 8. Logout (blacklist or short expiry). Use RS256 for production. Don't store in localStorage. Implement CSRF protection.

Test API endpoints comprehensively. Approach: 1. Test full request/response cycle. 2. Use real database (test instance). 3. Setup/teardown for clean state. 4. Test authentication and authorization. 5. Validate response schemas. 6. Test error scenarios. 7. Performance testing. 8. Security testing. Use Supertest or similar. Run in CI/CD. Separate from unit tests. Mock external APIs.

Optimize database performance with indexes. Strategies: 1. Index foreign keys. 2. Composite indexes for multi-column queries. 3. Covering indexes to avoid table lookups. 4. Partial indexes for filtered queries. 5. Monitor query plans (EXPLAIN). 6. Avoid over-indexing (write performance). 7. Index selectivity matters. 8. Regular index maintenance. Use for WHERE, JOIN, ORDER BY. Not for small tables or high-write scenarios.

Containerize applications with Docker. Best practices: 1. Small base images (Alpine). 2. Multi-stage builds. 3. Layer caching optimization. 4. .dockerignore file. 5. Non-root user for security. 6. Health checks. 7. Environment-specific configs. 8. Volume mounts for data. Keep images lean. One process per container. Use docker-compose for local development. Tag images properly.

Handle errors and log effectively. Practices: 1. Catch errors at boundaries. 2. Specific error types vs generic. 3. User-friendly error messages. 4. Detailed logs for debugging. 5. Structured logging (JSON). 6. Log levels (ERROR, WARN, INFO, DEBUG). 7. Correlation IDs for tracing. 8. Never log sensitive data. Use Winston, Pino, or similar. Centralize logs with ELK or Datadog. Monitor error rates.

Choose Git workflow for team. Strategies: 1. Git Flow (main, develop, feature, release, hotfix). 2. GitHub Flow (main, feature branches, PR). 3. Trunk-based (short-lived branches, frequent merges). 4. Branch naming conventions. 5. Commit message standards. 6. Pull request templates. 7. Protected branches. 8. Squash vs merge commits. Use GitHub Actions or GitLab CI. Automate what you can.

Design scalable GraphQL schemas. Patterns: 1. Types for domain models. 2. Queries for reads, mutations for writes. 3. Input types for complex arguments. 4. Interfaces and unions for polymorphism. 5. Connection pattern for pagination. 6. DataLoader for N+1 prevention. 7. Directive for custom logic. 8. Federation for microservices. Use schema-first approach. Implement authorization at field level.

Validate and sanitize user input. Techniques: 1. Whitelist allowed input. 2. Validate data types and formats. 3. Length restrictions. 4. Regex for pattern matching. 5. Sanitize HTML to prevent XSS. 6. Parameterized queries for SQL injection. 7. Validate on client AND server. 8. Contextual output encoding. Use libraries like Joi, Yup, or validator.js. Never trust user input. Fail securely.

Deploy with Kubernetes. Concepts: 1. Pods as deployment units. 2. Deployments for replica management. 3. Services for networking. 4. ConfigMaps and Secrets for config. 5. Namespaces for isolation. 6. Ingress for HTTP routing. 7. Resource limits and requests. 8. Health and readiness probes. Use kubectl and YAML manifests. Implement rolling updates and rollbacks. Monitor with Prometheus.

Master async programming. Patterns: 1. async/await for readability. 2. Promise.all for parallel execution. 3. Promise.allSettled for all results. 4. Promise.race for timeout handling. 5. Try/catch for error handling. 6. Avoid callback hell. 7. Handle unhandled rejections. 8. Sequential vs parallel trade-offs. Use for I/O operations. Don't block event loop. Implement retry logic for resilience.

Detect and prevent memory leaks. Techniques: 1. Use browser DevTools memory profiler. 2. Heap snapshots comparison. 3. Clear event listeners on cleanup. 4. Unsubscribe from observables. 5. Clear timers and intervals. 6. Weak references for caches. 7. Avoid global variables accumulation. 8. Monitor production with tools like Sentry. Common causes: closures, forgotten subscriptions, detached DOM. Implement cleanup in useEffect/componentWillUnmount.

Document APIs with OpenAPI/Swagger. Structure: 1. OpenAPI specification (YAML/JSON). 2. Paths for endpoints. 3. Request/response schemas. 4. Parameter descriptions. 5. Authentication schemes. 6. Example requests/responses. 7. Error codes documentation. 8. Interactive try-it-out. Use Swagger UI for visualization. Generate from code or design-first. Keep docs in sync with implementation.

Design microservices effectively. Patterns: 1. Service per business capability. 2. API Gateway for routing. 3. Service discovery (Consul, Eureka). 4. Circuit breaker for resilience. 5. Event-driven communication. 6. Database per service. 7. Saga pattern for distributed transactions. 8. CQRS for read/write separation. Use Docker and Kubernetes. Implement observability from start.

Manage codebase in monorepo. Tools: 1. Turborepo (fast task execution, caching). 2. Nx (powerful CLI, generators). 3. Lerna (package management, versioning). 4. pnpm workspaces (efficient dependencies). 5. Rush (large-scale enterprise). Benefits: Shared code, atomic changes, consistent versioning. Challenges: Build times, tooling complexity. Use build caching and affected commands. Implement code ownership.

Integrate social login with OAuth 2.0. Flow: 1. Redirect to provider (Google, Facebook, GitHub). 2. User authorizes application. 3. Provider redirects with authorization code. 4. Exchange code for access token. 5. Fetch user profile. 6. Create or update user in database. 7. Issue JWT to client. 8. Handle errors and edge cases. Use libraries like passport.js. Implement state parameter for CSRF. Store tokens securely.

Profile and optimize performance. Tools: 1. Chrome DevTools (Performance, Lighthouse). 2. React DevTools Profiler. 3. Node.js --prof and clinic.js. 4. Bundle analysis (webpack-bundle-analyzer). 5. Database query analysis (EXPLAIN). 6. APM tools (New Relic, DataDog). Focus on: render performance, bundle size, API latency, memory usage. Measure before optimizing. Profile in production-like environments.

Set up effective CI/CD pipeline. Stages: 1. Source (code commit triggers pipeline). 2. Build (compile, dependency installation). 3. Test (unit, integration, e2e tests). 4. Code Quality (linting, code coverage, SonarQube). 5. Security Scan (dependency vulnerabilities, SAST). 6. Deploy to Staging (automated). 7. Deploy to Production (manual approval or automated). Tools: GitHub Actions, GitLab CI, Jenkins, CircleCI. Use Docker for consistent environments. Parallel jobs for speed. Fail fast. Notifications on failure. Blue-green or canary deployments. Infrastructure as Code (Terraform). Measure: deployment frequency, lead time, MTTR.

Write effective code documentation. Levels: 1. Code comments (explain why, not what - complex logic only). 2. Function/method docs (parameters, return values, exceptions - JSDoc, docstrings). 3. README (setup, usage, examples). 4. API documentation (OpenAPI/Swagger for REST). 5. Architecture docs (system design, diagrams). 6. Changelog (version history). Best practices: Keep docs close to code. Update with code changes. Use examples. Avoid obvious comments. Document assumptions and edge cases. Use diagrams (C4 model, UML). Tools: Sphinx, Doxygen, MkDocs. Good code is self-documenting, but docs add context.

Design microservices architecture effectively. Principles: 1. Single Responsibility (one service, one business capability). 2. Decentralized Data (each service owns its database). 3. API Gateway (single entry point). 4. Service Discovery (Consul, Eureka). 5. Asynchronous Communication (message queues, events). 6. Circuit Breaker (fault tolerance). 7. Containerization (Docker, Kubernetes). Challenges: distributed tracing, data consistency, testing. Use API versioning. Implement health checks. Centralized logging (ELK). Monitoring (Prometheus, Grafana). Start with monolith, extract services gradually. Not always the right choice - consider team size and complexity.

Apply design patterns to solve common problems. Creational: 1. Singleton (single instance). 2. Factory (object creation). 3. Builder (complex object construction). Structural: 4. Adapter (interface compatibility). 5. Decorator (add behavior dynamically). 6. Facade (simplified interface). Behavioral: 7. Observer (event notification). 8. Strategy (interchangeable algorithms). 9. Command (encapsulate requests). 10. Template Method (algorithm skeleton). Don't force patterns - use when appropriate. Understand problem first. Patterns improve communication ('let's use Observer here'). Study Gang of Four book. Practice with real examples.

Optimize application performance systematically. Techniques: 1. Profile first (identify bottlenecks with profiler). 2. Database optimization (indexes, query optimization, connection pooling). 3. Caching (Redis, Memcached, CDN). 4. Lazy loading (load data on demand). 5. Code-level optimization (efficient algorithms, avoid premature optimization). 6. Asynchronous processing (queues, background jobs). 7. Minification and compression (gzip, Brotli). Frontend: bundle splitting, image optimization, tree shaking. Backend: horizontal scaling, load balancing. Measure impact (before/after metrics). Use APM tools (New Relic, Datadog). 80/20 rule: optimize the 20% causing 80% slowness.

Secure your applications against common vulnerabilities. OWASP Top 10: 1. Injection (SQL, NoSQL, OS commands - use parameterized queries). 2. Broken Authentication (implement MFA, secure password storage with bcrypt). 3. Sensitive Data Exposure (encrypt data at rest and in transit, HTTPS). 4. XML External Entities (disable XXE in parsers). 5. Broken Access Control (enforce authorization checks). 6. Security Misconfiguration (disable debug mode, update dependencies). 7. XSS (sanitize user input, use CSP headers). 8. Insecure Deserialization (validate serialized data). 9. Using Components with Known Vulnerabilities (dependency scanning). 10. Insufficient Logging (log security events). Use security headers, rate limiting.

Refactor code safely and effectively. Common refactorings: 1. Extract Method (long function → smaller functions). 2. Rename Variable (unclear → descriptive). 3. Extract Class (large class → multiple focused classes). 4. Inline Method (unnecessary abstraction). 5. Replace Magic Numbers with Constants. 6. Introduce Parameter Object (long parameter lists). 7. Replace Conditional with Polymorphism. When to refactor: before adding features, during code review, when fixing bugs. Red-Green-Refactor cycle. Use IDE refactoring tools. Keep tests green. Small steps. Commit after each refactoring. Based on Martin Fowler's 'Refactoring' book.

Design efficient database schemas. Normalization forms: 1. 1NF (atomic values, no repeating groups). 2. 2NF (no partial dependencies). 3. 3NF (no transitive dependencies). Balance normalization with performance (denormalize for read-heavy). Design principles: Use surrogate keys (auto-increment IDs). Foreign keys for relationships. Indexes on frequently queried columns. Avoid NULL when possible. Use appropriate data types. Naming conventions (plural table names, singular columns). Document relationships (ERD diagrams). Consider ACID properties. Use constraints (UNIQUE, NOT NULL, CHECK). Plan for scalability (partitioning, sharding).

Master Git for effective collaboration. Workflow: 1. Feature branches (git checkout -b feature/new-feature). 2. Commit often with clear messages (feat:, fix:, docs:). 3. Pull before push (git pull --rebase). 4. Code review via pull requests. 5. Squash commits before merge. 6. Delete merged branches. 7. Tag releases (v1.0.0). Commit message format: type(scope): subject. Use .gitignore. Never commit secrets. Interactive rebase for clean history (git rebase -i). Resolve conflicts carefully. Use git stash for WIP. Learn: git log, git blame, git bisect. Branching strategies: Git Flow, GitHub Flow.

Design clean RESTful APIs. Principles: 1. Use nouns for resources (/users, not /getUsers). 2. HTTP methods: GET (read), POST (create), PUT (update), DELETE (delete). 3. Proper status codes (200 OK, 201 Created, 400 Bad Request, 404 Not Found, 500 Server Error). 4. Versioning (/v1/users). 5. Filtering, sorting, pagination (?page=2&sort=name). 6. HATEOAS (include links to related resources). 7. Consistent naming (camelCase or snake_case). Use JSON. Stateless requests. Authentication with JWT/OAuth. Rate limiting. Comprehensive documentation (OpenAPI/Swagger). Error messages should be helpful.

Write effective unit tests with TDD approach. TDD cycle: 1. Red (write failing test). 2. Green (write minimal code to pass). 3. Refactor (improve code while keeping tests green). Best practices: Test one thing per test. Use AAA pattern (Arrange, Act, Assert). Descriptive test names (should_returnTrue_when_inputIsValid). Mock external dependencies. Aim for 80%+ code coverage. Fast tests (<1 sec). Independent tests (no order dependency). Use test fixtures for setup. Frameworks: Jest, Pytest, JUnit. Benefits: confidence in changes, living documentation, better design.

Write maintainable code using SOLID principles. Principles: 1. Single Responsibility (class has one reason to change). 2. Open/Closed (open for extension, closed for modification). 3. Liskov Substitution (subclasses should be substitutable for base classes). 4. Interface Segregation (many specific interfaces > one general). 5. Dependency Inversion (depend on abstractions, not concretions). Additional: DRY (Don't Repeat Yourself), KISS (Keep It Simple), YAGNI (You Aren't Gonna Need It). Use meaningful names. Functions should be small (<20 lines). Comments explain why, not what. Refactor regularly. Code is read 10x more than written.

Debug efficiently with systematic approach. Process: 1. Reproduce the bug consistently. 2. Isolate the problem (binary search through code). 3. Form hypothesis about cause. 4. Test hypothesis (add logging, use debugger). 5. Fix the root cause, not symptoms. 6. Verify fix doesn't break other functionality. 7. Add test to prevent regression. Techniques: rubber duck debugging, print statements, breakpoints, stack traces. Read error messages carefully. Check recent changes (git blame). Search Stack Overflow. Take breaks if stuck. Document solution. Prevention: write tests first, code reviews, static analysis.

Master common algorithm patterns for coding interviews. Patterns: 1. Two Pointers (sorted arrays, palindromes). 2. Sliding Window (subarray problems, max/min in window). 3. Fast & Slow Pointers (cycle detection in linked lists). 4. Merge Intervals (overlapping ranges). 5. Cyclic Sort (missing numbers in range). 6. In-place Reversal (linked list reversal). 7. BFS/DFS (tree/graph traversal). 8. Binary Search (sorted data, optimization problems). 9. Top K Elements (heaps, quickselect). 10. Dynamic Programming (optimization, counting). For each pattern: recognize problem type, apply template, practice 5-10 problems. Use LeetCode, HackerRank.

Conduct thorough code reviews with this checklist. Areas to review: 1. Functionality (does it work as intended? edge cases handled?). 2. Code quality (readable, maintainable, follows style guide). 3. Tests (adequate coverage, meaningful assertions). 4. Performance (no obvious bottlenecks, efficient algorithms). 5. Security (input validation, no SQL injection, XSS prevention). 6. Documentation (comments for complex logic, README updates). 7. Error handling (graceful failures, logging). 8. Dependencies (necessary, up-to-date, no vulnerabilities). Use constructive feedback. Suggest improvements, don't just criticize. Automate with linters. Aim for 200-400 LOC per review. Balance thoroughness with speed.