Versions of floody before 0.1.1 are vulnerable to remote memory exposure.

.write(number)in the affectedfloody` versions passes a number to Buffer constructor, appending a chunk of uninitialized memory.

Proof of Concept:

var f = require('floody')(process.stdout); 
f.write(USERSUPPLIEDINPUT); 
'f.stop();


## Recommendation

Update to version 0.1.1 or later.
### References
- https://github.com/soldair/node-floody/commit/6c44722312131f4ac8a1af40f0f861c85efe01b0
- https://www.npmjs.com/advisories/601
- https://snyk.io/vuln/npm:floody:20160115