
@adrukh
Last active April 12, 2016 07:52
Recruitment post

[Snyk Dev Position](https://snyk.io)

Who are we?

Snyk is an early stage startup located in Tel Aviv. Our mission is to secure the way we build and consume open source software. We have top tier advisors and investors, including the founders of GitHub, Parse, Wix, PubNub and more.

Our users are developers just like us, and we value products that look as good on the inside as they do on the outside. Matching the expectations of other developers and solving problems they face sets a high bar for us to continuously strive towards.

We are building a remote-first company culture, focusing on engineering practices that fit the open source world. We believe in openness as the best attitude, and follow it in how we act as a team and how we build our products.

We have offices in Tel Aviv and in London, bringing in talent where we find a match :)

Who are you?

We are looking for talented fullstack developers to join our team. Our eyes are set on good people who care about the team they are on, want to shine professionally and take part in building something great.

For us, shining professionally means this:

  1. Deep technical understanding, as required in the security world
  2. Strong engineering capability, matching the high standards set by developers using our service
  3. Constant engagement with our users to improve and perfect our service

We write mostly in NodeJS, and our service is currently focused on this exciting ecosystem. Prior NodeJS experience is not a must on your behalf :)

The interesting part

Now I'd like to publicly begin the interview process, and present the first question we want to discuss. If the exercise below makes your neurons spark with ideas, we want to hear from you - find us on snyk.io or send me a message!

Background

NodeJS has a managed packages environment called npm. A package is a functional NodeJS module with versioning, documentation, dependencies (in the form of other packages), and more. npm is being constantly updated with new packages and new versions of existing packages.

In order to identify vulnerabilities in certain packages, the following (rough) process takes place:

  1. User provides name of package for analysis
  2. We fetch the overall set of dependencies of given package
  3. We compare the set of dependencies with a managed set of vulnerable packages
  4. We identify remediation paths (upgrades and/or patches for vulnerable packages)
  5. Users choose their preferred remediation action and we apply it

Exercise

In this exercise we will focus on stages 1 and 2 for named dependencies alone. That is, disregard versions of dependent packages.

Your task is to design a web service that, given the name of an npm package, returns all its dependent packages to be used by the subsequent stage (3).

Things to consider:

  1. Obtain package data by a GET request such as: https://registry.npmjs.org/package_name/latest?json=true
  2. Look at the inner "dependencies" object for analysis of first-order dependencies
  3. There are currently over 240K packages on npmjs.com, and the number is growing all the time
  4. The packages update from time to time, just as their dependencies... What does this mean for you?
  5. What makes a good web service? API, architecture, low latency, scalability, monitoring, you name it :)
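
One way to walk the full dependency set for stages 1 and 2, as an added example that is not part of the original post and not Snyk's code: a breadth-first traversal that tolerates cycles, missing "dependencies" objects and failed lookups. The function names, the strict name pattern, the size cap and the in-memory sample registry are assumptions constructed for illustration.

```javascript
// Added example; registryUrl, resolveDependencies and SAMPLE_REGISTRY are hypothetical names.
// Assumption: a deliberately strict name pattern (lowercase, unscoped, URL-safe).
const NAME_RE = /^[a-z0-9][a-z0-9._-]*$/;

// Build the registry URL from the exercise, refusing names that could change
// the path or query of the outgoing request.
function registryUrl(name) {
  if (typeof name !== 'string' || name.length > 214 || !NAME_RE.test(name)) {
    throw new Error('invalid package name: ' + JSON.stringify(name));
  }
  return 'https://registry.npmjs.org/' + name + '/latest?json=true';
}

// Breadth-first walk over "dependencies" objects. fetchManifest(url) is injected
// so a real HTTP client, a cache, or the stub below can supply the manifests.
async function resolveDependencies(root, fetchManifest, maxPackages = 5000) {
  const seen = new Set([root]);   // also breaks dependency cycles
  const unresolved = [];          // declared, but name rejected or lookup failed
  const queue = [root];
  while (queue.length > 0) {
    const name = queue.shift();
    let manifest;
    try {
      manifest = await fetchManifest(registryUrl(name));
    } catch (err) {
      unresolved.push(name);
      continue;
    }
    for (const dep of Object.keys((manifest && manifest.dependencies) || {})) {
      if (seen.has(dep)) continue;
      if (seen.size >= maxPackages) throw new Error('dependency graph too large');
      seen.add(dep);
      queue.push(dep);
    }
  }
  seen.delete(root);
  return { dependencies: [...seen].sort(), unresolved: unresolved.sort() };
}

// Constructed sample registry: a cycle, a missing package and a hostile name.
const SAMPLE_REGISTRY = new Map([
  ['web-app', { dependencies: { router: '^1.0.0', logger: '~2.1.0' } }],
  ['router', { dependencies: { 'path-match': '*', logger: '*' } }],
  ['logger', {}],
  ['path-match', { dependencies: { router: '*', 'gone-pkg': '*', '../admin': '*' } }],
]);
async function sampleFetch(url) {
  const name = url.slice('https://registry.npmjs.org/'.length, -'/latest?json=true'.length);
  if (!SAMPLE_REGISTRY.has(name)) throw new Error('404 for ' + name);
  return SAMPLE_REGISTRY.get(name);
}
```

For the sample data, `resolveDependencies('web-app', sampleFetch)` reports `../admin` and `gone-pkg` as unresolved rather than aborting the walk, so stage 3 can decide how to treat dependencies it could not inspect.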

Wow, you read this far? Kudos, you are probably in the special 10% or less of people who took the time! Give this some thought and let us know what you think.

https://snyk.io
