My Other lists

• Software Development General Best Practices
• PR Code Review Practices
• Defensive Programming / Application Security Best Practices

I usually follow Airbnb's JavaScript Style Guide, still, I intend to keep this list as reference. Most of these rules will be enforced automatically if you integrate ESLint in your project.

1. Always use 'use strict' if you are still using es5
2. Don't use global variables
3. Always Prefer const over let. Ditch the var
4. Prefer writing pure functions over stateful functions which mutate data or produce side effects
5. Learn and use functional composition
6. Favor functional programming over imperative programming
7. Use method chaining
8. Prefer composition over inheritance
9. Use linters to ensure your code is consistent.
10. Use Airbnb JavaScript Style Guide for JavaScript (https://github.com/airbnb/javascript)
11. Avoid client-side console logs in production
12. Prefer '===' over '=='
13. Use default arguments instead of short-circuiting or conditionals
14. Function arguments (2 or fewer ideally)
15. Encapsulate conditionals in a separate function if possible
16. Avoid negative conditionals
17. Learn and practice implementation of SOLID Patterns
18. Use Promises, not callbacks
19. Async/Await is even cleaner than Promises, use it more
20. Use try/catch with async/await
21. Use Async-Await or promises for async error handling
22. Don't ignore rejected promises, log it to external logging service
23. Never use eval
24. Structure your solution by components
25. Wrap common utilities as npm packages
26. Separate Express 'app' and 'server'
27. Use environment aware, secure and hierarchical config
28. Distinguish operational vs programmer errors
29. Use only the built-in Error object
30. Handle errors centrally, not within a middleware
31. Exit the process gracefully when an unknown fatal error occurs
32. Use a mature logger to increase error visibility
33. Discover errors and downtime using APM products (sentry.io)
34. Catch unhandled promise rejections
35. Fail fast, validate arguments using a dedicated library
36. Use ESLint
37. Separate your statements properly
38. Prefer named function over anonymous. Name all functions, including closures and callbacks. Avoid anonymous functions, as it helps in profiling
39. Require modules by folders, opposed to the files directly
40. Require modules at the beginning of each file, before and outside of any functions
41. Detect code issues with a linter
42. Refactor regularly using static analysis tools
43. Avoid using the Node.js crypto library for handling passwords, use Bcrypt
44. Prevent evil RegEx from overloading your single thread execution
45. Don't block the event loop
46. Bootstrap using 'node' command, avoid npm start (In container environment)

NOTE: If you want to update this list, please comment, I'll incorporate your changes.

Ref.
https://github.com/goldbergyoni/javascript-testing-best-practices
https://github.com/ryanmcdermott/clean-code-javascript
https://github.com/goldbergyoni/nodebestpractices
https://github.com/RisingStack/node-style-guide
https://github.com/DrkSephy/es6-cheatsheet