Malicious emails often attach various forms of executable programs and trick users into running them. These include standard Windows executables (.exe), batch files (.bat), and even JavaScript files (.js). Starting February 13, 2017, Google will not allow JS files to be sent as an attachment, including JS files detected within archives.

If you're not familiar with web development, JavaScript is a common language used when developing web applications, and JS files are often loaded as part of web pages. However, opening an unknown JS file on Windows can be dangerous, as it runs inside Windows Script Host by default. From there, the script can easily run Windows executables.

While blocking .js attachments is a step in the right direction, it is unclear if any warnings will be shown when receiving emails with JS files attached.