https://github.com/djvirgen/virgen-acl Simple and elegant, create your own checks. No middleware?
https://github.com/OptimalBits/node_acl Use as middleware, create your own roles and access. Great choice.
https://github.com/tschaub/authorized Similar to connect roles... but a bit more robust? you can create roles and action, and associate many roles with that action
https://github.com/scottkf/ability-js Like canCan for rails. This is a traditional controller / function type permission system. May be too abstract.
https://github.com/dresende/node-roles More traditional setRole() hasRole() based checking. Last activity 2 years ago.
https://github.com/carlos8f/node-relations Natural language style roles. Looks very promising and is in active development
https://github.com/ForbesLindesay/connect-roles Simple and closer to action / natural language based. Requires writing your own checks for each.
https://github.com/ajlopez/SimplePermissions Maybe too simple? Makes sense for assigning roles but then its hard to check against roles!
https://npmjs.org/package/entitlement Not ideal but here for reference sake.
https://github.com/codedoctor/mongoose-plugins-accessible-by Set access per field of mongoose Schema. Not supported or maintained, and noted as not a perfect fit in all cases... but worth considering as a simple way to control access to fields.
If you wish to enhance the list, we wrote this with my team: https://github.com/bluebirds-blue-jay/access-control