Express JS Cheat Sheet 2026

The 30 highest-yield Express JS facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

50 questions
60 min time limit
70.00% to pass
  1. How can you ensure unhandled promise rejections don't crash your Express server in Node.js? Listen for the 'unhandledRejection' event on the process object
  2. How do you prevent Express from revealing its version in the X-Powered-By header? app.disable('x-powered-by') or use helmet()
  3. What is the signature of an Express error-handling middleware? (err, req, res, next)
  4. How do you redirect a client to a different URL in Express? res.redirect(url)
  5. Which method defines a route that responds to all HTTP methods in Express? app.all()
  6. How do you define a catch-all route that handles any path not matched by previous routes? app.use('*', handler) or app.get('*', handler) placed last
  7. Which package is commonly used to implement Passport.js-based authentication in Express? passport
  8. What does the secure: true option do when setting cookies in Express? Ensures the cookie is only sent over HTTPS connections
  9. How many parameters must an Express error-handling middleware function declare? 4 (err, req, res, next)
  10. What's the best approach to save local variables that can be accessible from within the app? Using app.locals
  11. What is API versioning in Express and why is it important? Prefixing routes with /v1, /v2 to support multiple API versions simultaneously
  12. Which Express object is used to create a modular, mountable route handler? express.Router()
  13. Which middleware is commonly used to prevent Cross-Site Request Forgery (CSRF) in Express apps with sessions? csurf (or modern alternatives like csrf-csrf)
  14. In a RESTful Express API, what HTTP status code should a successful resource creation return? 201 Created
  15. What does the helmet package help protect against in Express? XSS, clickjacking, and other attacks by setting security HTTP headers
  16. What is the recommended way to handle async errors in Express 5? Express 5 automatically catches rejected promises in route handlers
  17. What HTTP status code should be returned when a requested resource is not found in an Express REST API? 404 Not Found
  18. How do you verify a JWT in an Express middleware using the jsonwebtoken package? jwt.verify(token, secret, callback)
  19. What happens if a middleware function does not call next() or send a response? The request hangs and the client never receives a response
  20. What is the purpose of pagination in a REST API endpoint that returns a list of resources? To limit the number of items returned per request and reduce payload size
  21. What type of middleware runs for every route regardless of path or method? Application-level middleware registered with app.use() without a path
  22. Which HTTP method is conventionally used to create a new resource in a REST API built with Express? POST
  23. How do you differentiate between development and production error responses in Express? Check process.env.NODE_ENV in the error handler and conditionally include stack traces
  24. How do you retrieve the value of the 'Authorization' request header in Express? req.get('Authorization') or req.headers['authorization']
  25. What does next('router') do when called inside a Router middleware? Skips the rest of the router's middleware and returns control to the parent app
  26. Which of the following was the Pug's previous name? Jade
  27. What does passing the string 'route' to next() do in Express? Skips remaining handlers for the current route and moves to the next route
  28. In Express, where must error-handling middleware be placed relative to other middleware? At the very end, after all routes and other middleware
  29. What is res.locals used for in Express template rendering? Storing variables available to templates for the current request only
  30. What is the purpose of bcrypt when handling passwords in an Express application? Hashing passwords with a salt to securely store them