NestJS has become the go-to framework for enterprise Node.js applications, yet many candidates struggle to explain why it exists or how its dependency injection actually works. The question "Why NestJS over Express?" separates developers who've just followed tutorials from those who understand architectural decisions.
This guide covers the essential NestJS interview questions, from basic module structure to advanced patterns like guards, interceptors, and testing strategies.
Table of Contents
- NestJS Fundamentals Questions
- Module Architecture Questions
- Controller Questions
- Dependency Injection Questions
- Validation and Pipes Questions
- Guards and Authorization Questions
- Interceptors and Filters Questions
- Database Integration Questions
- Testing Questions
NestJS Fundamentals Questions
These foundational questions test your understanding of why NestJS exists and when to use it.
What is NestJS and why would you use it over Express?
NestJS is an opinionated Node.js framework that brings Angular-like architecture to the backend. It provides structure through modules, built-in dependency injection, and decorators for everything from routing to validation. It's TypeScript-first and has excellent support for microservices, GraphQL, and WebSockets out of the box.
Express is minimal and unopinionated—you decide everything from folder structure to how you handle dependency injection. That's great for small projects or when you want maximum flexibility. NestJS provides opinions and structure that pay dividends for teams of 5+ developers or applications that will grow over years.
Under the hood, NestJS uses Express (or optionally Fastify) as its HTTP layer. So you're not losing Express—you're adding architecture on top of it.
When would you NOT use NestJS?
For simple APIs or quick prototypes, Express is faster to set up. For serverless functions that need minimal cold start time, the NestJS overhead might be too much. For teams unfamiliar with Angular-style architecture or TypeScript, the learning curve could slow initial development.
The key consideration is project scale and team size. A solo developer building a small API gets little benefit from NestJS's structure, while a team of 10 building a complex enterprise system benefits greatly from the enforced patterns.
What is the request lifecycle in NestJS?
Understanding execution order is crucial for debugging and designing middleware correctly. When a request arrives, NestJS processes it through several layers in a specific order.
Middleware runs first, then Guards decide if the request should proceed. Interceptors wrap the handler and can modify both request and response. Pipes validate and transform input. If anything throws, Exception Filters catch it.
Incoming Request
│
▼
Middleware
│
▼
Guards ──────────▶ (return false = 403)
│
▼
Interceptors (before)
│
▼
Pipes ───────────▶ (validation fails = 400)
│
▼
Handler (Controller method)
│
▼
Interceptors (after)
│
▼
Exception Filters (if error thrown)
│
▼
Response
Module Architecture Questions
Modules are the fundamental organizational unit in NestJS.
What are NestJS modules and how do they work?
Modules are classes decorated with @Module() that organize application structure. Each module encapsulates a feature—users, auth, orders—and declares its controllers, providers, imports, and exports. The root AppModule imports all feature modules, and NestJS builds the dependency graph at startup.
This modular architecture creates clear boundaries between features and makes it easy to understand dependencies at a glance.
// users/users.module.ts
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { UsersController } from './users.controller';
import { UsersService } from './users.service';
import { User } from './entities/user.entity';
@Module({
imports: [TypeOrmModule.forFeature([User])], // Import dependencies
controllers: [UsersController], // Handle HTTP requests
providers: [UsersService], // Business logic & DI
exports: [UsersService] // Make available to other modules
})
export class UsersModule {}How do module imports and exports work?
Imports bring in functionality from other modules, allowing you to use their exported providers. Exports make providers available to modules that import this module. Providers are scoped to their module by default—they're not globally available unless explicitly exported.
This encapsulation prevents tight coupling between modules and makes dependencies explicit.
// app.module.ts (root module)
import { Module } from '@nestjs/common';
import { UsersModule } from './users/users.module';
import { AuthModule } from './auth/auth.module';
import { TypeOrmModule } from '@nestjs/typeorm';
@Module({
imports: [
TypeOrmModule.forRoot({
type: 'postgres',
host: 'localhost',
// ... config
}),
UsersModule,
AuthModule,
],
})
export class AppModule {}Key points:
- Each module encapsulates a feature (users, auth, orders)
importsbring in other modules' exported providersexportsmake providers available to importing modules- Providers are module-scoped by default
Controller Questions
Controllers handle incoming HTTP requests and return responses.
How do controllers work in NestJS?
Controllers are classes decorated with @Controller() that handle incoming HTTP requests. They use decorators like @Get(), @Post(), @Put(), @Delete() to define route handlers. Parameter decorators like @Body(), @Param(), and @Query() extract data from requests.
Controllers should be thin—they receive requests, delegate to services for business logic, and return responses. This separation keeps code testable and maintainable.
import {
Controller,
Get,
Post,
Put,
Delete,
Body,
Param,
Query,
HttpCode,
HttpStatus,
ParseIntPipe,
} from '@nestjs/common';
import { UsersService } from './users.service';
import { CreateUserDto } from './dto/create-user.dto';
import { UpdateUserDto } from './dto/update-user.dto';
@Controller('users') // Route prefix: /users
export class UsersController {
// Dependency injection via constructor
constructor(private readonly usersService: UsersService) {}
@Post()
@HttpCode(HttpStatus.CREATED)
create(@Body() createUserDto: CreateUserDto) {
return this.usersService.create(createUserDto);
}
@Get()
findAll(@Query('role') role?: string) {
return this.usersService.findAll(role);
}
@Get(':id')
findOne(@Param('id', ParseIntPipe) id: number) {
return this.usersService.findOne(id);
}
@Put(':id')
update(
@Param('id', ParseIntPipe) id: number,
@Body() updateUserDto: UpdateUserDto,
) {
return this.usersService.update(id, updateUserDto);
}
@Delete(':id')
@HttpCode(HttpStatus.NO_CONTENT)
remove(@Param('id', ParseIntPipe) id: number) {
return this.usersService.remove(id);
}
}How does NestJS compare to Express for route handling?
NestJS provides built-in pipes for parsing and validation, reducing boilerplate and improving type safety. Express requires manual parsing and validation at each route.
// Express - manual parsing
router.get('/users/:id', (req, res) => {
const id = parseInt(req.params.id); // Manual parsing
if (isNaN(id)) {
return res.status(400).json({ error: 'Invalid ID' });
}
// ...
});
// NestJS - ParseIntPipe handles parsing and validation
@Get(':id')
findOne(@Param('id', ParseIntPipe) id: number) {
// id is already a number, invalid input throws BadRequestException
}Dependency Injection Questions
Dependency injection is central to NestJS architecture.
What is dependency injection and how does it work in NestJS?
Dependency injection (DI) is a design pattern where classes receive their dependencies from external sources rather than creating them. In NestJS, the IoC (Inversion of Control) container manages service instantiation and injection automatically.
You mark classes with @Injectable() to tell NestJS they can be managed by the container, register them as providers in modules, and inject them through constructor parameters. This enables loose coupling, easier testing with mock dependencies, and better code organization.
// 1. Mark class as injectable
@Injectable()
export class CatsService {
constructor(private readonly logger: LoggerService) {}
}
// 2. Register as provider in module
@Module({
providers: [CatsService, LoggerService],
})
export class CatsModule {}
// 3. Inject via constructor
@Controller('cats')
export class CatsController {
constructor(private readonly catsService: CatsService) {}
}How do you create services in NestJS?
Services contain business logic and are decorated with @Injectable(). They're registered as providers in modules and can inject other services or repositories. Services should handle all business logic while controllers remain thin.
import { Injectable, NotFoundException } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { User } from './entities/user.entity';
import { CreateUserDto } from './dto/create-user.dto';
@Injectable() // Marks class for DI container
export class UsersService {
constructor(
@InjectRepository(User)
private usersRepository: Repository<User>,
) {}
async create(createUserDto: CreateUserDto): Promise<User> {
const user = this.usersRepository.create(createUserDto);
return this.usersRepository.save(user);
}
async findOne(id: number): Promise<User> {
const user = await this.usersRepository.findOne({ where: { id } });
if (!user) {
throw new NotFoundException(`User #${id} not found`);
}
return user;
}
async remove(id: number): Promise<void> {
const result = await this.usersRepository.delete(id);
if (result.affected === 0) {
throw new NotFoundException(`User #${id} not found`);
}
}
}What are provider scopes in NestJS?
NestJS supports three provider scopes that determine how instances are created and shared. Understanding scopes is important for managing state and performance.
The default singleton scope creates one instance shared across the entire application. Request scope creates a new instance for each incoming request. Transient scope creates a new instance each time the provider is injected.
import { Injectable, Scope } from '@nestjs/common';
// DEFAULT - Singleton (one instance shared across app)
@Injectable()
export class SingletonService {}
// REQUEST - New instance per request
@Injectable({ scope: Scope.REQUEST })
export class RequestScopedService {}
// TRANSIENT - New instance each time injected
@Injectable({ scope: Scope.TRANSIENT })
export class TransientService {}When to use each:
- Singleton (default): Most services—stateless business logic
- Request: When you need request-specific data (current user, tenant)
- Transient: When each consumer needs its own instance (rare)
How do you create custom providers?
Custom providers give you fine-grained control over how dependencies are created and resolved. You can provide values directly, use factory functions, or swap implementations based on environment.
@Module({
providers: [
// Standard provider
UsersService,
// Value provider
{
provide: 'API_KEY',
useValue: process.env.API_KEY,
},
// Factory provider
{
provide: 'DATABASE_CONNECTION',
useFactory: async (configService: ConfigService) => {
return createConnection(configService.get('database'));
},
inject: [ConfigService],
},
// Class provider with different implementation
{
provide: LoggerService,
useClass: process.env.NODE_ENV === 'test'
? MockLoggerService
: ProductionLoggerService,
},
],
})
export class AppModule {}
// Inject custom provider
@Injectable()
export class SomeService {
constructor(@Inject('API_KEY') private apiKey: string) {}
}Validation and Pipes Questions
Validation is critical for API security and data integrity.
How do you handle validation in NestJS?
NestJS uses class-validator decorators on DTOs combined with the built-in ValidationPipe. You create a DTO class with validation decorators, and the pipe automatically validates incoming data against the DTO, throwing BadRequestException with detailed error messages if validation fails.
This approach provides declarative validation that's easy to read and maintain, with consistent error responses across your API.
// dto/create-user.dto.ts
import {
IsEmail,
IsNotEmpty,
IsString,
MinLength,
IsOptional,
IsEnum,
} from 'class-validator';
import { Transform } from 'class-transformer';
export enum UserRole {
ADMIN = 'admin',
USER = 'user',
}
export class CreateUserDto {
@IsNotEmpty()
@IsString()
@Transform(({ value }) => value.trim())
name: string;
@IsEmail()
@Transform(({ value }) => value.toLowerCase())
email: string;
@IsString()
@MinLength(8, { message: 'Password must be at least 8 characters' })
password: string;
@IsOptional()
@IsEnum(UserRole)
role?: UserRole = UserRole.USER;
}
// dto/update-user.dto.ts
import { PartialType } from '@nestjs/mapped-types';
import { CreateUserDto } from './create-user.dto';
// All fields optional, same validation rules
export class UpdateUserDto extends PartialType(CreateUserDto) {}How do you configure the global ValidationPipe?
The ValidationPipe should typically be configured globally in main.ts. Key options include whitelist (strip unknown properties), forbidNonWhitelisted (throw on unknown properties), and transform (auto-convert payloads to DTO instances).
// main.ts
import { ValidationPipe } from '@nestjs/common';
async function bootstrap() {
const app = await NestFactory.create(AppModule);
app.useGlobalPipes(new ValidationPipe({
whitelist: true, // Strip non-whitelisted properties
forbidNonWhitelisted: true, // Throw error on extra properties
transform: true, // Auto-transform payloads to DTO types
transformOptions: {
enableImplicitConversion: true,
},
}));
await app.listen(3000);
}How do you create custom pipes?
Custom pipes implement the PipeTransform interface and can transform or validate input. They're useful for custom parsing logic that isn't covered by built-in pipes.
import { PipeTransform, Injectable, BadRequestException } from '@nestjs/common';
@Injectable()
export class ParseDatePipe implements PipeTransform<string, Date> {
transform(value: string): Date {
const date = new Date(value);
if (isNaN(date.getTime())) {
throw new BadRequestException(`Invalid date: ${value}`);
}
return date;
}
}
// Usage
@Get()
findByDate(@Query('date', ParseDatePipe) date: Date) {
return this.service.findByDate(date);
}Guards and Authorization Questions
Guards handle authorization and access control.
What are guards and how do they work?
Guards are classes that implement CanActivate and determine if a request should be handled. They return true to allow the request or false to deny it (resulting in a 403 Forbidden response). Guards have access to the ExecutionContext, which provides information about the current request.
Guards run after middleware but before interceptors and pipes, making them ideal for authentication and authorization checks.
// auth/guards/jwt-auth.guard.ts
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
@Injectable()
export class JwtAuthGuard implements CanActivate {
constructor(private jwtService: JwtService) {}
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest();
const token = this.extractToken(request);
if (!token) {
return false;
}
try {
const payload = await this.jwtService.verifyAsync(token);
request.user = payload;
return true;
} catch {
return false;
}
}
private extractToken(request: any): string | undefined {
const [type, token] = request.headers.authorization?.split(' ') ?? [];
return type === 'Bearer' ? token : undefined;
}
}How do you implement role-based authorization?
Role-based authorization combines a guard with a custom decorator. The decorator sets metadata on the route, and the guard reads that metadata to check if the user has the required role.
// auth/guards/roles.guard.ts
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
@Injectable()
export class RolesGuard implements CanActivate {
constructor(private reflector: Reflector) {}
canActivate(context: ExecutionContext): boolean {
const requiredRoles = this.reflector.get<string[]>(
'roles',
context.getHandler(),
);
if (!requiredRoles) {
return true; // No roles required
}
const { user } = context.switchToHttp().getRequest();
return requiredRoles.includes(user.role);
}
}
// auth/decorators/roles.decorator.ts
import { SetMetadata } from '@nestjs/common';
export const Roles = (...roles: string[]) => SetMetadata('roles', roles);How do you apply guards to controllers?
Guards can be applied at the method level, controller level, or globally. Controller-level guards protect all routes in that controller. Global guards protect the entire application.
@Controller('admin')
@UseGuards(JwtAuthGuard, RolesGuard) // Apply to all routes in controller
export class AdminController {
@Get('dashboard')
@Roles('admin') // Only admins
getDashboard() {
return { message: 'Admin dashboard' };
}
@Get('stats')
@Roles('admin', 'moderator') // Admins and moderators
getStats() {
return { message: 'Stats' };
}
}
// Or apply globally in app.module.ts
@Module({
providers: [
{
provide: APP_GUARD,
useClass: JwtAuthGuard,
},
],
})
export class AppModule {}Interceptors and Filters Questions
Interceptors and filters handle cross-cutting concerns.
What are interceptors and when do you use them?
Interceptors implement NestInterceptor and wrap the handler execution. They can add logic before and after the handler runs, making them ideal for logging, caching, response transformation, and performance monitoring.
Interceptors use RxJS observables, allowing powerful stream manipulation of responses.
// interceptors/logging.interceptor.ts
import {
Injectable,
NestInterceptor,
ExecutionContext,
CallHandler,
} from '@nestjs/common';
import { Observable } from 'rxjs';
import { tap } from 'rxjs/operators';
@Injectable()
export class LoggingInterceptor implements NestInterceptor {
intercept(context: ExecutionContext, next: CallHandler): Observable<any> {
const request = context.switchToHttp().getRequest();
const method = request.method;
const url = request.url;
const now = Date.now();
return next.handle().pipe(
tap(() => {
console.log(`${method} ${url} - ${Date.now() - now}ms`);
}),
);
}
}How do you transform responses with interceptors?
A transform interceptor wraps all responses in a consistent format. This is useful for standardizing your API responses across all endpoints.
// interceptors/transform.interceptor.ts
import { map } from 'rxjs/operators';
@Injectable()
export class TransformInterceptor<T> implements NestInterceptor<T, Response<T>> {
intercept(context: ExecutionContext, next: CallHandler): Observable<Response<T>> {
return next.handle().pipe(
map(data => ({
success: true,
data,
timestamp: new Date().toISOString(),
})),
);
}
}What are exception filters and how do you use them?
Exception filters catch exceptions thrown during request handling and format error responses. They implement ExceptionFilter and use the @Catch() decorator to specify which exceptions to handle.
// filters/http-exception.filter.ts
import {
ExceptionFilter,
Catch,
ArgumentsHost,
HttpException,
HttpStatus,
} from '@nestjs/common';
@Catch()
export class AllExceptionsFilter implements ExceptionFilter {
catch(exception: unknown, host: ArgumentsHost) {
const ctx = host.switchToHttp();
const response = ctx.getResponse();
const request = ctx.getRequest();
const status =
exception instanceof HttpException
? exception.getStatus()
: HttpStatus.INTERNAL_SERVER_ERROR;
const message =
exception instanceof HttpException
? exception.message
: 'Internal server error';
response.status(status).json({
success: false,
statusCode: status,
message,
path: request.url,
timestamp: new Date().toISOString(),
});
}
}
// Apply globally
app.useGlobalFilters(new AllExceptionsFilter());How do you create custom exceptions?
Custom exceptions extend HttpException and provide meaningful error messages for specific scenarios. This makes error handling more expressive and consistent.
import { HttpException, HttpStatus } from '@nestjs/common';
export class UserNotFoundException extends HttpException {
constructor(userId: number) {
super(`User with ID ${userId} not found`, HttpStatus.NOT_FOUND);
}
}
export class InsufficientPermissionsException extends HttpException {
constructor() {
super('Insufficient permissions', HttpStatus.FORBIDDEN);
}
}
// Usage
throw new UserNotFoundException(userId);Database Integration Questions
Database integration is essential for most NestJS applications.
How do you integrate TypeORM with NestJS?
TypeORM integrates seamlessly with NestJS through the @nestjs/typeorm package. You define entities with decorators, register them in modules, and inject repositories into services.
// entities/user.entity.ts
import { Entity, Column, PrimaryGeneratedColumn, CreateDateColumn } from 'typeorm';
@Entity('users')
export class User {
@PrimaryGeneratedColumn()
id: number;
@Column()
name: string;
@Column({ unique: true })
email: string;
@Column({ select: false }) // Exclude from queries by default
password: string;
@Column({ default: 'user' })
role: string;
@CreateDateColumn()
createdAt: Date;
}
// users.module.ts
@Module({
imports: [TypeOrmModule.forFeature([User])],
controllers: [UsersController],
providers: [UsersService],
exports: [UsersService],
})
export class UsersModule {}How do you integrate Prisma with NestJS?
Prisma provides a modern alternative with excellent TypeScript integration. You create a PrismaService that extends PrismaClient and manages connection lifecycle.
// prisma/prisma.service.ts
import { Injectable, OnModuleInit, OnModuleDestroy } from '@nestjs/common';
import { PrismaClient } from '@prisma/client';
@Injectable()
export class PrismaService extends PrismaClient implements OnModuleInit, OnModuleDestroy {
async onModuleInit() {
await this.$connect();
}
async onModuleDestroy() {
await this.$disconnect();
}
}
// users.service.ts
@Injectable()
export class UsersService {
constructor(private prisma: PrismaService) {}
async findAll() {
return this.prisma.user.findMany();
}
async findOne(id: number) {
return this.prisma.user.findUnique({ where: { id } });
}
}How do you handle configuration in NestJS?
The @nestjs/config package provides a clean way to manage environment-specific configuration. You can make it global and inject ConfigService anywhere in your application.
// Using @nestjs/config
import { ConfigModule, ConfigService } from '@nestjs/config';
@Module({
imports: [
ConfigModule.forRoot({
isGlobal: true,
envFilePath: `.env.${process.env.NODE_ENV}`,
}),
],
})
export class AppModule {}
// Inject and use
@Injectable()
export class SomeService {
constructor(private configService: ConfigService) {}
getDatabaseUrl() {
return this.configService.get<string>('DATABASE_URL');
}
}Testing Questions
NestJS has excellent built-in testing support.
How do you unit test services in NestJS?
NestJS provides a Test module that creates an isolated testing environment with dependency injection. You can easily mock dependencies by providing test implementations.
// users.service.spec.ts
import { Test, TestingModule } from '@nestjs/testing';
import { UsersService } from './users.service';
import { getRepositoryToken } from '@nestjs/typeorm';
import { User } from './entities/user.entity';
describe('UsersService', () => {
let service: UsersService;
let mockRepository: any;
beforeEach(async () => {
mockRepository = {
find: jest.fn(),
findOne: jest.fn(),
create: jest.fn(),
save: jest.fn(),
};
const module: TestingModule = await Test.createTestingModule({
providers: [
UsersService,
{
provide: getRepositoryToken(User),
useValue: mockRepository,
},
],
}).compile();
service = module.get<UsersService>(UsersService);
});
it('should find all users', async () => {
const users = [{ id: 1, name: 'John' }];
mockRepository.find.mockResolvedValue(users);
expect(await service.findAll()).toEqual(users);
expect(mockRepository.find).toHaveBeenCalled();
});
it('should throw NotFoundException for missing user', async () => {
mockRepository.findOne.mockResolvedValue(null);
await expect(service.findOne(999)).rejects.toThrow(NotFoundException);
});
});How do you write e2e tests for NestJS controllers?
End-to-end tests create a full application instance and make HTTP requests against it using supertest. This tests the complete request lifecycle including middleware, guards, and pipes.
// users.controller.spec.ts (e2e style)
import { INestApplication } from '@nestjs/common';
import * as request from 'supertest';
describe('UsersController (e2e)', () => {
let app: INestApplication;
beforeAll(async () => {
const moduleRef = await Test.createTestingModule({
imports: [AppModule],
}).compile();
app = moduleRef.createNestApplication();
await app.init();
});
it('/users (GET)', () => {
return request(app.getHttpServer())
.get('/users')
.expect(200)
.expect((res) => {
expect(Array.isArray(res.body)).toBe(true);
});
});
afterAll(async () => {
await app.close();
});
});Quick Reference
| Concept | Decorator/Class | Purpose |
|---|---|---|
| Module | @Module() | Organize code, define boundaries |
| Controller | @Controller() | Handle HTTP requests |
| Service | @Injectable() | Business logic, DI-managed |
| Guard | CanActivate | Authorization, access control |
| Pipe | PipeTransform | Validation, transformation |
| Interceptor | NestInterceptor | Wrap handler, modify request/response |
| Filter | ExceptionFilter | Handle exceptions |
| Middleware | NestMiddleware | Pre-route logic (like Express) |
NestJS vs Express Comparison
| Aspect | Express | NestJS |
|---|---|---|
| Structure | You decide | Modules, controllers, services |
| DI | Manual or external lib | Built-in IoC container |
| TypeScript | Optional | First-class support |
| Validation | Manual or middleware | ValidationPipe + class-validator |
| Testing | Manual setup | Test module with DI mocking |
| Learning curve | Lower | Higher |
| Best for | Small/medium APIs, prototypes | Enterprise, large teams |
Related Articles
- Complete Node.js Backend Developer Interview Guide - comprehensive preparation guide for backend interviews
- Express.js Middleware Interview Guide - Compare Express patterns to NestJS
- TypeScript Generics Interview Guide - TypeScript patterns used heavily in NestJS
- Authentication & JWT Interview Guide - Auth patterns for NestJS apps