Common

One of the things that really speaks about someone's experience is how they are able to make good "business" decisions. Here are some examples:

• Do we need to delete users or is a soft-delete better for our clients?
• Do we need to build that feature from scratch or can we integrate with a pre-existing service?
• Do we need to create our own user authentication or can we just use OAuth/Cognito/etc?
• Do I need to optimize every method for performance? What parts of the app really need it? Were's the trade off between performance and maintenability?
• Understand when to use relational and non-relational databases depending on the use case. Do we need ultra fast reads/writes? Is data never updated? Do I care if data is lost?
• When to normalize o de-normalize data
• When to use a frontend framework and when not

The following is a non-exhaustive list but outlines some key areas a senior developer should have work experience in or have a strong understanding of:

Source control (Git)

• About version control. Chapters 1 and 2
• The Three States (or trees) of Git: the working tree, the staging area (or index), and the Git directory (or repository).
• How git fully mirrors the remote repository. The .git folder
• Different ways of working with git: Gitflow vs Trunk based development
• Branches
• Good knowledge of basic commands: add, commit, diff, log, show, reset, checkout, branch, pull, push
• git reset: soft vs hard
• Remotes. Using multiple remotes
• Merge
• Rebase. Introduction Sequence - 4 and Moving Work Around - 2
• Rewriting history. Amend and rebase
• Stashing changes
• Pull request workflow
• Cherry picking
• Merge commit vs squash and merge vs rebase and merge
• .gitignore
• How to write commit messages
• Verification (e.g. PGP signatures)
• Hooks
• Undoing things & recovering from mistakes
• Resolving conflicts

Basics of algorithms

• Recursion
• Breadth First Search (BFS)
• Depth First Search (DFS)

HTML

• Forms
• DOM
• Events
• Semantic markup
• Structured data
  • Microdata
  • JSON-LD
• ARIA roles

CSS

• Selectors
• Display property
• Float
• Positioning elements
• Flexbox
• Responsive design
• SASS vs CSS
  • Variables
  • Nesting
  • Partials
  • Modules
  • Mixins
  • Inheritance

JavaScript

• Arrow functions vs normal functions
• Promises
• async / await
• modules
• this

Testing

• The testing pyramid:
• Unit tests
• Mocks, stubs, and spies
• Creating test data with factories
• Integration tests (end-to-end)
• Dealing with third-party APIs
• Dealing with timezones
• CI and CD
• Test-driven development (TDD), test-driven design, test-first development, test-after development

Object oriented programming (OOP)

• SOLID principles:
  • Single Responsibility principle
  • Open/Closed principle
  • Liskov substitution
  • Interface segregation
  • Dependency inversion
• Composition vs Inheritance
• Design patterns, including:
  • Decorator
  • Presenter
  • Observer
  • Adapter
  • Bridge
  • Strategy
  • Façade
  • Factory
  • Singleton
  • Template Method
  • Proxy
  • Command

Refactoring

• Code smells (Reek example):
  • duplicate code
  • dead code
  • long method
  • shotgun surgery
  • long parameter list
  • primitive obsession
  • feature envy
• "Make the change easy, then make the easy change"
• Extract method
• Extract object
• Understand the dangers of premature abstraction

Performance & scaling

• N+1 queries
• Database query analysis (e.g. EXPLAIN ANALYZE)
• Database indexes
  • Where to use them
  • Types of indexes
• Database sharding
• Fragment caching
• Russian Doll caching
• HTTP caching (with Nginx, Varnish, etc)
• Measuring
  • sample size, significance, etc
  • hotspots
  • CPU, memory, disk, network
  • algorithmic complexity

Security

• SQL injection
• XSS
• CSRF
• Code injection
• Mass assignment
• Authentication
• Authorization
• Timing attacks
• Password complexity
• OAuth
• JWT
• OTP
• How randomness affects security

Architecture

• Inter-service communication in service-oriented systems
• Event-driven systems
• Multi-tenant systems
• Deciding if a single-page application is appropriate
• Model-View-Controller
• Model-View-ViewModel

Preparing for production

• Error monitoring
  • New Relic
  • Scout
  • Rollbar
  • Sentry
  • Raygun
  • Etc
• Observability (e.g. background queue size)
• Handling secrets
  • ENV variables
  • Encoded secrets
  • AWS KMS
• TLS
• Backups (incl. DB, mid-flight processes, securing, verifying)
• Failover
• Deployment
  • Heroku
  • AWS
• Analytics
  • A/B testing
  • funnels
  • bucketing
  • statistical significance
• CDN
• DNS
  • A
  • AAAA
  • CNAME
  • MX
  • NS
• Nginx
  • understand and configure the nginx.conf file
  • usage and difference of sites-available and sites-enabled file
• Load balancing and horizontal scaling techniques

Speed / Quality trade-offs

• Technical debt
  • When it's appropriate to increase debt
  • When it's appropriate to pay off debt

Functional programming

• Pattern matching
• Monads
• Error handling
• Non-mutability

Unix

• Process management
• Package managers
  • apt
• File handling
• Permissions
• The $PATH ENV variable
• Shell scripting
• Cron: how to read and configure a cron job
  • Crontab.guru
• SSH commands
  • Tunneling / port forwarding

Email

• Multipart messages (mixed, alternative, related, etc.)
• Protocols
  • IMAP
  • SMTP

Relational Databases

• How to write an Entity Relationship Diagram (ERD) and how that maps to a database table
• Locking
  • Table and Row level locks
  • Deadlocks
  • SELECT FOR UPDATE
• PostgreSQL extensions
• Different types of JOINs
• Aggregating data
• Views
  • Materialized views
• Schema design and normalization
• Constraints
• Indexing
• Triggers
• Stored procedures
• Storing JSON/JSONB data
  • GIN indexes
• Handling time and time zones
• Handling geographic data
• Understand the difference between relational database (SQL) vs non-relational (NoSQL). Understand Pros/Cons and when to use:
  • Redis
  • Mongo/DynamoDB
  • Athena
  • ElasticSearch
  • Graph databases
  • Time-series databases

GraphQL

• Schema design
• Type generation
• Avoiding N+1 queries
• Communicating errors
• Apollo
• Federation

HTTP

• Verbs, and verb safety
• Status codes
• URLs
• Cookies
• MIME types
  • application/x-www-form-urlencoded
  • multipart/form-data
  • application/json
• Headers:
  • Cache-Control
  • Etag / If-None-Match
  • Last-Modified / If-Modified-Since
  • Vary
  • X-Requested-With

React

• Components
• Hooks
• State management
  • Redux, and when not to use it
• Different ways of handling forms and inputs
• Talking to a server (e.g. Apollo)

Asynchronous systems

• XHR
• Websockets
• Background jobs
  • Lambda functions
• Communicating information, results and errors from asynchronous tasks
  • Kafka
  • SNS / SQS
• Dependencies between asynchronous tasks

Devops

• Infrastructure as code
  • Cloudformation
  • Terraform
• Docker
  • Understand a Dockerfile
  • Understand how docker layers work
  • Docker compose
  • ECS
• Kubernetes
  • EKS