The npm blog has an article about npm and Heartbleed:
We started patching machines within 30 minutes of the revelation of the bug, and our last vulnerable machine was patched at 7.30am Pacific today.
There has been no evidence so far that our keys were compromised during this period, but nevertheless we are regenerating all our SSL keys anyway and will be rolling them out over the next couple of days (we are very cautious about testing and rolling out new certs since an earlier incident in which we broke a lot of older npm clients while doing so).
Brian White sent in sipster (GitHub: mscdex / sipster, License: MIT, npm: sipster), a pjsip binding for Node. This is the basis for the SIP driver used by Asterisk 12+. He hasn't yet been able to get a working build environment set up for Windows, but it should work for Unix systems.
Here's a list of what Brian says it can do so far:
The API is event based -- for example:
call.on('dtmf', cb), and I think the C++ binding is a cool example of a Node native module: src/binding.cc.