DevCerts logo DevCerts

Certification

Senior Node.js Developer

This certification is intended for experienced Node.js developers who build backend systems that support real products, real traffic, and long-term operational demands.

It validates senior-level capability in asynchronous execution, event-driven architecture, API and service design, error handling, concurrency awareness, integration patterns, data flow control, testing strategy, and production performance. The emphasis is on making sound engineering decisions in systems that must remain stable, observable, and maintainable as they grow.

Candidates are expected to show that they can structure Node.js applications clearly, model service boundaries responsibly, control failure modes, handle external integrations safely, and debug issues that appear under realistic runtime conditions. This includes working with background processing, queues, network boundaries, configuration management, and codebases that evolve across multiple teams and releases.

The certification is suitable for developers who already use Node.js professionally and want to validate that they can deliver robust backend applications with reliability, scalability, and senior-level engineering discipline.
Get Certified

What this certification proves

Clear scope for candidates. Clear meaning for reviewers.

Passing result

What a pass confirms

This certificate confirms that the candidate demonstrated senior-level Node.js development competence in building production-ready backend systems, managing asynchronous workflows, and delivering reliable server-side architecture.

Scope

What the exam validates

Scope includes Node.js runtime behavior, asynchronous programming, event loop awareness, API and service design, integration patterns, background processing, error handling, testing strategy, performance tuning, debugging, and production-focused maintenance decisions.

For reviewers

What someone can verify later

The public certificate page shows the holder name, score, issue date, certificate ID, and current verification status without relying on screenshots.

Share flow

Share one record, not a bundle of files

Use the certificate page as the primary proof. PDF stays available as a convenient copy, but the live page is the canonical record.

Official certificate page

What the verifier will see

  • Candidate name
  • Score and pass outcome
  • Date and certificate ID
  • Current verification status

Preparation topics

Topics covered by the exam question set.

Use this topic map as a preparation checklist. Questions in this certification are built from these concrete topic areas.

Core Runtime & Async

  • Node.js runtime basics
  • process object
  • process.cwd
  • process.argv
  • environment variables
  • exit codes
  • Promise concurrency
  • Promise.all
  • Promise.allSettled
  • Promise.any
  • Promise.race timeout patterns
  • async/await control flow
  • await in loops
  • async forEach pitfalls
  • one-time event waiting
  • timers/promises
  • unref timers
  • event loop phases
  • nextTick vs setImmediate vs microtasks
  • AbortController
  • AbortSignal
  • cancellation composition

Filesystem & Paths

  • fs/promises basics
  • readFile vs streams
  • text vs Buffer reads
  • JSON file loading
  • append and write patterns
  • recursive directory creation
  • recursive directory removal
  • temporary directories
  • line-by-line file processing
  • atomic file replacement
  • exclusive file creation
  • FileHandle cleanup
  • fs.watch caveats
  • path module
  • path.join
  • path.resolve
  • file URLs
  • fileURLToPath
  • import.meta.url paths
  • path traversal prevention
  • cross-filesystem rename limits

Streams & Binary Data

  • Readable streams
  • Writable streams
  • backpressure
  • pipeline
  • stream/promises.pipeline
  • stream.finished
  • async iteration over streams
  • early break behavior
  • objectMode buffering
  • gzip streams
  • upload streaming
  • download streaming
  • stream/web interop
  • paused socket edge cases
  • Buffer basics
  • Buffer.alloc vs Buffer.allocUnsafe
  • Buffer slice vs copy
  • Base64
  • byte length
  • UTF-8 decoding
  • combining binary chunks

HTTP & Web APIs

  • http server basics
  • request and response lifecycle
  • status codes and JSON responses
  • request body collection
  • request body limits
  • URL
  • URLSearchParams
  • query parameters
  • built-in fetch
  • fetch timeouts
  • aborting upstream on disconnect
  • large response streaming
  • keep-alive connection reuse
  • server.close semantics
  • requestTimeout
  • headersTimeout
  • keepAliveTimeout

Processes, Workers & Parallelism

  • worker_threads basics
  • CPU-bound offloading
  • worker pools
  • transfer lists
  • ArrayBuffer ownership transfer
  • SharedArrayBuffer
  • Atomics
  • resourceLimits
  • child_process.spawn
  • child_process.exec
  • child_process.execFile
  • child_process.fork
  • IPC
  • shell injection avoidance
  • output buffering limits
  • streaming child stdout
  • child process exit vs close
  • crash isolation boundaries
  • cluster
  • sticky sessions
  • libuv threadpool
  • UV_THREADPOOL_SIZE
  • dns.lookup threadpool contention
  • CPU parallelism strategies

Events, Context & Lifecycle

  • EventEmitter basics
  • error events
  • error-first callbacks
  • once listeners
  • listener leak warnings
  • MaxListeners warnings
  • AsyncLocalStorage
  • request-scoped context
  • AsyncResource
  • manual async context propagation
  • captureRejections
  • async listener rejection routing
  • graceful SIGTERM shutdown
  • stop accepting connections
  • shutdown deadlines
  • uncaughtException policy
  • beforeExit vs exit
  • process lifecycle cleanup constraints

Modules, ESM/CJS & Packaging

  • built-in module specifiers
  • ESM basics
  • CommonJS basics
  • import.meta.url
  • createRequire
  • dynamic import in CJS
  • importing CommonJS from ESM
  • CommonJS named import behavior
  • CommonJS default import behavior
  • require cache
  • CommonJS singleton behavior
  • CommonJS circular exports
  • ESM live bindings
  • ESM cache keyed by URL
  • dual package hazard
  • package.json exports
  • package.json imports
  • conditional exports
  • self-reference through exports
  • deep import blocking
  • npm install vs npm ci
  • package-lock.json
  • dependencies vs devDependencies
  • peerDependencies
  • semver ranges
  • npx
  • npm scripts
  • npm workspaces

Testing & Tooling

  • node:test basics
  • test API
  • suite API
  • skipping tests
  • subtests
  • beforeEach hooks
  • cleanup hooks
  • outstanding subtests
  • mocked timers
  • mock cleanup
  • assert/strict
  • deep equality assertions
  • thrown error assertions
  • built-in test runner CLI
  • run() API
  • TestsStream
  • coverage collection
  • coverage include globs
  • coverage exclude globs
  • LCOV output
  • reporters
  • reporter destinations
  • process isolation in tests
  • filtered child-process options

Security & Crypto

  • node:crypto basics
  • secure random tokens
  • randomUUID
  • SHA-256
  • PBKDF2
  • timingSafeEqual
  • constant-time comparisons
  • HMAC and digest checks
  • Web Crypto API
  • subtle.digest
  • AES-GCM
  • IV handling
  • CryptoKey extractability
  • RSA key import and export formats
  • custom certificate authorities
  • rejectUnauthorized pitfalls
  • mTLS
  • peer certificate validation
  • authorizationError
  • authorized flags

HTTP/2, TLS & UDP

  • HTTP/2 client basics
  • HTTP/2 server basics
  • sessions
  • streams
  • request multiplexing
  • stream and session lifecycle
  • GOAWAY
  • session.close vs session.goaway
  • server.close with active HTTP/2 sessions
  • trailers
  • waitForTrailers
  • respondWithFD
  • END_STREAM semantics
  • ALPN
  • unknownProtocol
  • HTTP/1 fallback
  • TLS handshakes
  • secureConnect
  • TLS session reuse
  • TLS 1.2 vs TLS 1.3 resumption
  • HTTPS Agent pooling
  • HTTPS Agent socket pool keys
  • UDP sockets
  • bind vs connect
  • connected UDP sends
  • implicit bind on send
  • reusePort
  • BlockList behind NAT
  • UDP send queue metrics
  • safe UDP buffer reuse

Diagnostics, Performance & Internals

  • high-resolution timing
  • performance measurement
  • event loop lag
  • event loop utilization
  • diagnostics_channel
  • hasSubscribers
  • runStores
  • tracePromise
  • optional instrumentation
  • process.report
  • compact reports
  • signal-triggered reports
  • inspector CPU profiling
  • heap snapshots
  • active resource diagnostics
  • memory pressure
  • memoryUsage
  • DNS result order
  • OS resolver semantics

VM & Permission Model

  • vm is not a security sandbox
  • runInNewContext timeout behavior
  • microtaskMode afterEvaluate
  • contextCodeGeneration
  • blocking eval and wasm
  • escaping via outer queues
  • SourceTextModule basics
  • async dependency graph detection
  • module namespace availability
  • re-evaluating errored modules
  • module.error semantics
  • import.meta object context
  • Permission Model basics
  • filesystem read scopes
  • filesystem write scopes
  • entrypoint implicit read allowance
  • worker permission inheritance
  • pre-init flags outside permission checks
  • runtime permission checks
  • filesystem guarantee limitations

How the certification works

From voucher purchase to public certificate.

Once the candidate decides to pursue this certification, the path is simple: buy a voucher, exchange it for this certification, complete the exam, and receive the official certificate after a successful result.

Step 01

Buy a voucher for account balance

The candidate tops up voucher balance first. DevCerts does not sell this certification as a direct one-off checkout item.

Step 02

Choose this certification and exchange the voucher

When the candidate is ready, one voucher is consumed and DevCerts opens exam access for this certification.

Step 03

Pass and receive the official certificate page

After a successful valid result is received from Askium, DevCerts issues the certificate, publishes the public verification page, and keeps PDF available as a secondary copy.

Current certificate policy

What this certification page promises today

  • A certificate is issued only after a successful valid result.
  • The public verification page is the canonical certificate artifact.
  • The issued certificate is active and non-expiring in the current MVP.