Full-Stack Engineer

HTML5 is the standard markup language for structuring web content, providing elements that describe meaning (article, nav, section) rather than just appearance. It includes native form controls, media elements, and ARIA landmark roles that assistive technologies rely on. Semantic HTML improves both accessibility and machine readability of web pages.

Why it matters · The skeleton of every page; semantic, accessible markup is a hard requirement in real code reviews and audits.

CSS is the stylesheet language used to control the visual presentation of HTML documents. Flexbox handles one-dimensional layouts such as navigation bars and card rows, while Grid enables two-dimensional page layouts. A mobile-first responsive approach styles for small screens by default, then applies media queries to adapt for larger viewports.

Why it matters · Most web traffic is mobile, so fluid layout with Flexbox and Grid plus mobile-first responsive design is non-negotiable.

JavaScript is a dynamic, event-driven programming language that runs natively in browsers and on servers via Node.js. ES6+ features (arrow functions, destructuring, modules, classes) are the modern baseline. The Fetch API and async/await syntax enable non-blocking HTTP requests and asynchronous control flow without callback nesting.

Why it matters · The language of the browser and of your future Node backend; everything later assumes fluent modern JavaScript.

Web accessibility refers to design and engineering practices that make content usable by people with disabilities, including those using screen readers or keyboard-only navigation. Semantic HTML handles most cases automatically; ARIA attributes supply missing role or state information only when native elements are insufficient. Keyboard operability requires that all interactive elements are focusable and respond to standard key events.

Why it matters · Accessible, keyboard-navigable UI is increasingly a review gate and a legal expectation; learning it alongside HTML/CSS costs little and pays off in every role.

Tailwind CSS is a utility-first CSS framework that provides low-level, single-purpose classes (flex, mt-4, text-center) composed directly in HTML or JSX. It generates a minimal production stylesheet by scanning source files and removing unused utilities. Tailwind is widely adopted in React and Next.js stacks as a replacement for writing custom CSS files.

Why it matters · The default styling approach in modern React/Next.js stacks and many 2026 listings; learn it after raw CSS, not instead of it.

TypeScript is a statically typed superset of JavaScript that compiles to plain JavaScript. It adds optional type annotations, interfaces, generics, and enums that catch category errors at compile time rather than at runtime. TypeScript integrates with editors for autocompletion and refactoring, and is the standard for modern JavaScript projects.

Why it matters · Now the baseline for serious JS work, not a differentiator, used by roughly 78% of professional developers and the most-contributed language on GitHub in late 2025; teams expect strict mode.

Node.js is a JavaScript runtime for executing code outside the browser, and npm is its package registry and dependency manager. Vite is a fast build tool and development server for frontend projects, using native ES modules for near-instant hot reloading. ESLint performs static analysis to catch code errors and enforce style rules, while Prettier auto-formats source code consistently.

Why it matters · You must run, bundle, lint, and format real projects; Vite is the modern default dev/build tool for non-Next apps.

React is a JavaScript library for building user interfaces through composable, declarative function components. Hooks (useState, useEffect, useContext) manage local state, side effects, and shared data without class components. React's virtual DOM diffing updates only the parts of the real DOM that changed, making UI updates efficient.

Why it matters · The strongest job-market choice, used by about 45% of professional developers (Stack Overflow 2025) and the most-requested frontend framework in listings.

Client-side routing enables navigation between views in a single-page application without full page reloads, using libraries such as React Router or TanStack Router. Data fetching involves requesting server resources after the page loads, typically via the Fetch API or a caching library like TanStack Query. These two concerns together define how a frontend app moves between screens and keeps its data fresh.

Why it matters · Real apps have multiple views and load server data; routing plus fetch/caching patterns are everyday work.

State management refers to how an application stores and shares data across components. React's built-in Context API handles many shared-state cases without additional dependencies. When state becomes complex or performance-sensitive, lightweight libraries such as Zustand or the Redux Toolkit provide predictable, inspectable stores.

Why it matters · Know built-in state first; reach for Zustand or Redux only for genuinely complex global state, defaulting to Redux everywhere is outdated.

Node.js enables JavaScript to run server-side, and Express is a minimal web framework built on top of it for defining HTTP routes and middleware pipelines. Middleware functions intercept requests to handle tasks such as authentication, logging, and body parsing before they reach route handlers. Input validation libraries (Zod, Joi) are commonly added to enforce schema correctness on incoming data.

Why it matters · Node is the most-used web technology (about 49% in Stack Overflow 2025) and Express remains the most common Node API framework.

REST is an architectural style for web APIs that maps CRUD operations to HTTP methods (GET, POST, PUT, DELETE) and organizes resources as URL paths. GraphQL is a query language that lets clients request exactly the fields they need in a single request, reducing over- and under-fetching. tRPC generates end-to-end type-safe API calls in TypeScript monorepos without a separate schema definition step.

Why it matters · REST is the lingua franca of web APIs; know it cold, and recognize when GraphQL or tRPC fits (both appear in modern TypeScript stacks).

Authentication verifies identity while authorization controls what an authenticated principal may do. Sessions store identity server-side in a database, while JSON Web Tokens embed signed claims in a client-side token. OAuth 2.x is the industry standard for delegating access via third-party identity providers, and password hashing with Argon2 or bcrypt protects stored credentials from exposure.

Why it matters · Every product needs login; Argon2/bcrypt hashing, sessions or JWTs, and OAuth flows are core backend competencies.

SQL is the standard language for querying and manipulating relational data through statements such as SELECT, INSERT, UPDATE, and DELETE. PostgreSQL is an open-source relational database with strong ACID guarantees, rich indexing options, and a JSONB column type for schemaless document storage alongside structured tables. Proper schema design and index selection directly determine query performance at scale.

Why it matters · Postgres is the default database for new apps and the most-used database in recent developer surveys; SQL fluency is expected of every full-stack dev.

An ORM (Object-Relational Mapper) translates between database rows and programming language objects, letting developers query data with type-safe functions instead of raw SQL strings. Prisma generates a TypeScript client from a declarative schema file, while Drizzle provides a thin SQL-like query builder with TypeScript inference. Both tools include a migration system that tracks and applies incremental schema changes.

Why it matters · Modern TypeScript backends use a type-safe ORM with versioned migrations rather than hand-written SQL strings scattered everywhere.

Redis is an in-memory data store used for caching, session storage, pub/sub messaging, and rate limiting due to its microsecond read/write latency. Caching stores the result of expensive computations or database queries so repeat requests are served from memory. MongoDB is a document database that stores data as flexible BSON documents, suited for workloads where a rigid relational schema is inconvenient.

Why it matters · Redis is widely used for caching, sessions, and real-time work; knowing one document store (MongoDB) covers common non-relational cases.

Next.js is a React framework that provides file-system routing, server-side rendering, and static generation in a single project. The App Router (introduced in Next.js 13) uses React Server Components to render HTML on the server with zero client JavaScript by default, and Server Actions provide a way to call server-side code directly from component event handlers. Route handlers define API endpoints inside the same project without a separate server.

Why it matters · The dominant framework for production React and one of the most common stacks in 2026 full-stack listings.

Full-stack integration refers to connecting an authentication layer, a relational database, and a type-safe ORM within one cohesive application. This typically involves configuring an auth library (NextAuth, Lucia, or similar) to persist sessions in Postgres via an ORM, then protecting API routes and server components based on session state. Getting these layers to interact correctly, with proper error handling and transaction boundaries, is the core skill of full-stack engineering.

Why it matters · The job is connecting auth, database, and UI together correctly; this integration is what employers actually test for.

Git is a distributed version control system that tracks changes to source code through a graph of commits and branches. GitHub hosts Git repositories and adds collaboration features including pull requests, code review threads, and CI status checks. Branching strategies such as feature branches and trunk-based development allow teams to work in parallel without overwriting each other's changes.

Why it matters · Universal table stakes; version control gates every team workflow and code review.

Managed hosting platforms such as Vercel, Railway, and Fly.io abstract away server provisioning, handling build pipelines, TLS certificates, global CDN distribution, and autoscaling automatically. Developers configure deployments through environment variables and project settings rather than managing infrastructure. Understanding how secrets, custom domains, and DNS records work on these platforms is necessary to ship production applications.

Why it matters · Most 2026 full-stack roles deploy to managed platforms; learn environment variables, secrets, DNS, and HTTPS, not Kubernetes.

CI/CD (Continuous Integration and Continuous Delivery) automates the process of running tests, linters, and builds on every code change before it merges or deploys. GitHub Actions defines these workflows as YAML files in the repository, triggered by events such as pull requests and pushes to main. A passing CI pipeline gives teams confidence that new changes do not break existing functionality.

Why it matters · Automating lint/test/build on every pull request is standard practice and easy to show off in a portfolio repo.

Docker packages an application and its dependencies into a portable image that runs identically across development and production environments. A Dockerfile describes the steps to build an image, and Docker Compose defines multi-container setups (app server, database, cache) in a single configuration file for local development. Containerization eliminates environment drift and simplifies onboarding new contributors.

Why it matters · Docker is widely used for reproducible environments and local service orchestration; containerizing one app is enough to start.

Vitest is a fast unit and integration test runner for JavaScript and TypeScript projects, compatible with the Jest API and designed for Vite-based builds. React Testing Library provides utilities that render components and query the DOM the way a user would, discouraging tests that rely on internal implementation details. Playwright is a browser automation framework used for end-to-end tests that simulate real user flows across Chromium, Firefox, and WebKit.

Why it matters · Production code ships with tests; Vitest/RTL for units and Playwright for end-to-end are the current default stack.

The OWASP Top 10 is an authoritative list of the most critical web application security risks, including injection, broken authentication, and insecure design. Cross-site scripting (XSS) attacks inject malicious scripts into pages viewed by other users, while SQL injection manipulates database queries through unsanitized input. Content Security Policy (CSP) headers and enforced HTTPS mitigate these and other transport-layer attacks.

Why it matters · Knowing the common attack classes and how to prevent them is expected even of juniors and shows up in reviews.

Web performance engineering focuses on reducing the time a browser takes to load, render, and become interactive with a page. Core Web Vitals are a set of Google-defined metrics: Largest Contentful Paint (loading), Interaction to Next Paint (responsiveness), and Cumulative Layout Shift (visual stability). Techniques such as code splitting, image optimization, caching, and server-side rendering directly improve these scores.

Why it matters · Fast UX is both a product and an SEO requirement; understanding loading, rendering, and the core metrics separates good engineers.

Large language model APIs (OpenAI, Anthropic) expose HTTP endpoints that accept a conversation history and return generated text completions. Streaming responses send tokens incrementally so the UI can display output as it is produced. Retrieval-Augmented Generation (RAG) supplements a model's prompt with relevant documents retrieved from a vector database, grounding responses in specific knowledge rather than relying solely on trained weights.

Why it matters · AI literacy ranks among the top in-demand 2026 skills, and shipping one AI feature is now a common, differentiating portfolio piece.

AI coding assistants integrate language models into the development workflow to autocomplete code, generate boilerplate, explain errors, and suggest refactors inline. GitHub Copilot operates as an IDE extension, while Claude Code and Cursor provide agentic interfaces that can read repository context, run commands, and apply multi-file edits. These tools augment developer throughput by handling routine coding tasks and surfacing relevant documentation.

Why it matters · Most developers now use AI coding assistants regularly; fluency with them is part of being productive on the job.

Amazon Web Services (AWS) is a cloud platform that provides on-demand compute, storage, and managed services. S3 is an object storage service for files and static assets, RDS is a managed relational database service (including Postgres), and Lambda runs code in response to events without managing servers. IAM (Identity and Access Management) controls which users and services are permitted to call which AWS APIs, following least-privilege principles.

Why it matters · AWS is the most-requested cloud in listings; you do not need certs, but core services and IAM concepts help you grow past managed hosts.

Kubernetes is an open-source container orchestration system that automates deployment, scaling, and management of containerized workloads across a cluster of nodes. It introduces concepts such as Pods, Deployments, Services, and Ingress controllers to describe how containers run and communicate. Managed Kubernetes offerings (EKS, GKE, AKS) reduce operational overhead but still require understanding of cluster configuration and resource definitions.

Why it matters · Not required for most full-stack roles in 2026, managed hosts abstract it; learn only for infra/platform-leaning jobs.

A capstone project is a complete, independently built application that integrates frontend, backend, database, and authentication into a single deployed product. It serves as concrete evidence of the ability to make architectural decisions, handle real data, write tests, and operate a production system. Portfolio projects that are publicly deployed and link to their source code are reviewable artifacts that demonstrate practical competence.

Why it matters · Shipped projects beat certificates; employers want proof you can take a product from concept to production largely on your own.

Technical interview preparation covers three main areas: data structures and algorithm problems assessed through coding exercises, system design discussions evaluating how to architect scalable distributed systems, and behavioral questions exploring communication and collaboration. Data structures (arrays, hash maps, trees, graphs) and common algorithms (sorting, binary search, BFS/DFS) form the foundation of the coding component. System design interviews assess knowledge of load balancing, caching, databases, and service decomposition.

Why it matters · Full-stack interviews mix coding, light system design, and collaboration questions; targeted practice closes the gap.