Is the app ready to be deployed on the production. If not, then tell the flaws.
A code-review / checklist question. Walk a production-readiness checklist: error handling & boundaries, loading/empty/error states, accessibility, security (XSS, secrets, auth), performance (bundle, images), testing, env config, monitoring/logging, and edge cases. Name concrete flaws, don't hand-wave.
This is a code-review checklist question — they want a structured sweep and specific flaws, not "looks fine."
The production-readiness checklist
1. Error handling & resilience
- Are API calls wrapped in try/catch? Is there an error boundary so one component crash doesn't white-screen the app?
- Are failed requests retried / surfaced to the user, not swallowed?
2. UI states
- Every async view needs loading, empty, error, and success states. A common flaw: only the happy path is built.
3. Accessibility
- Semantic HTML, alt text, labels on inputs, keyboard navigation, focus management, color contrast. Often entirely missing.
4. Security
- No secrets/API keys in client code or the bundle. No
dangerouslySetInnerHTMLwith unsanitized input (XSS). Auth checks not relying on hidden UI. HTTPS, proper CORS.
5. Performance
- Bundle size — code splitting, tree-shaking, no huge unused deps. Images optimized/lazy-loaded. No obvious unnecessary re-renders or N+1 requests. Lighthouse run.
6. Testing
- Are there any tests? Critical paths covered? Does CI run them?
7. Configuration & environments
- Environment variables, not hardcoded URLs. Separate dev/staging/prod config. Source maps handled appropriately.
8. Monitoring & observability
- Error tracking (Sentry), analytics, logging. If it breaks in prod, will anyone know?
9. Build & deploy
- Production build (minified,
NODE_ENV=production), noconsole.logspam, no debug flags on. Caching/CDN headers.
10. Edge cases & UX polish
- Slow network, offline, empty data, very long strings, mobile/responsive, browser support, form validation.
How to answer when shown actual code
Don't list the checklist abstractly — point at the code: "This fetch has no .catch, so a network error throws unhandled. There's no loading state — the user sees a blank screen. This API key is in the client bundle. The list uses index as key. No tests. Hardcoded localhost URL." Concrete > generic.
The framing
"I'd treat it as a production-readiness review. Usually not ready — the typical gaps are: only the happy path built (no loading/error/empty states), no error boundary, accessibility missing, secrets or hardcoded URLs in the client, an unoptimized bundle, no tests, and no error monitoring. The key is to name the specific flaws in the code in front of me — 'this fetch has no catch,' 'this key is in the bundle' — not recite a generic list."
Follow-up questions
- •What's the single most critical flaw to fix before launch?
- •How would you set up error monitoring for a production frontend?
- •What security issues do you check for in client-side code?
- •How do you decide what test coverage is 'enough' to ship?
Common mistakes
- •Saying 'it looks fine' without a structured review.
- •Listing the checklist generically instead of citing concrete flaws in the code.
- •Focusing only on code style, missing security/accessibility/monitoring.
- •Ignoring non-happy-path UI states entirely.
Performance considerations
- •Bundle size, image optimization, code splitting, and avoiding unnecessary re-renders / N+1 requests are all part of the readiness review — run Lighthouse and check Core Web Vitals before shipping.
Edge cases
- •App works in dev but breaks in a production build (env vars, minification).
- •Works on fast networks/desktops but fails on slow/mobile.
- •Secrets leaked into the client bundle.
- •No monitoring, so production errors go unnoticed.
Real-world examples
- •A demo app shipped with the API key visible in the JS bundle.
- •An app that white-screens in production because there's no error boundary around a crashing component.