If you still need to send a .js file to someone, the best course of action is to upload the file to a file-sharing service, a la Google Drive, Dropbox, and so forth. Google Drive, not surprisingly, is Google's suggestion, although you'd be free to use any service you deem appropriate.
If you're really desperate to send a file directly through Gmail, you may be able to get away with storing it inside of an encrypted archive, but by that point, it's probably easier to simply go the pain-free route of uploading it to a cloud service. When a user needs a password to decrypted an archive, it's almost assuredly going to be easier to simply click through to a link from a service like Google Drive.
For those curious, a full list of extensions Google blocks is as follows: .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSI, .MSP, .MST, .NSH, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH. Note that in an unencrypted archive (.7z, .zip), these files won't escape detection.
Ultimately, this is a potential added pain for developers, but should help continue to make email even safer for those who are quick to click before thinking about what they're doing.