Javascript static analysis patterns? – Information Security Stack Exchange

I want to extract javascript from websites and do static analysis on the contents to determine if it’s malicious. I can’t find any comprehensive sources on what to look for exactly when doing such an analysis. For example, the eval() function is a security threat so its appearance gives big indications. document.write() is another one. What are some other key/patterns I could look for? I can’t seem to find any good sources talking about this.