diff --git a/build/readpack.js b/build/readpack.js
index 84674cb..c42dd3f 100755
--- a/build/readpack.js
+++ b/build/readpack.js
@@ -12,11 +12,9 @@ var key = args[0];
 var value;
 try {
- value = eval('(pkg.' + key + ')');
+ value = pkg[key]; // Safely access the property using bracket notation
 process.stdout.write(value || '');
 } catch(e) {
 process.stdout.write('');
 process.exit(1);
 }
-
-
diff --git a/build/tplrender.js b/build/tplrender.js
index 1bd7e4a..80ffc6e 100755
--- a/build/tplrender.js
+++ b/build/tplrender.js
@@ -12,11 +12,16 @@ var tplpath = path.join(process.cwd(), args[0]);
 var tplstr = fs.readFileSync(tplpath, 'utf8');
 try {
- value = eval('(function(pkg) { return `' + tplstr + '`})(pkg)');
+ // Use a safer alternative to eval for template processing
+ value = tplstr.replace(/\${(.*?)}/g, (match, p1) => {
+ try {
+ return new Function('pkg', `return ${p1}`)(pkg);
+ } catch (e) {
+ return '';
+ }
+ });
 process.stdout.write(value || '');
 } catch(e) {
 process.stdout.write('');
 process.exit(1);
 }
-
-
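Review bot: In build/readpack.js, `value = pkg[key];` resolves only a top-level name, whereas the removed expression also resolved dotted paths, so a key such as `repository.url` (a constructed example) now prints an empty string; whether any caller passes such keys is not visible from this hunk. Bracket access also returns inherited members such as `constructor`, which are not part of the loaded data. Walking the path with own-property checks covers both: `value = key.split('.').reduce(function (o, k) { return o != null && Object.prototype.hasOwnProperty.call(o, k) ? o[k] : undefined; }, pkg);`. The definitions of `pkg` and `args` are outside the hunk.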
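Review bot: In build/tplrender.js, the added `new Function('pkg', ...)` call still compiles and runs whatever text sits inside each `${...}` of the template file, so the comment "safer alternative to eval" overstates the change; the template remains executable code with access to Node globals such as `process`. The inner `catch` also turns every template error into an empty string, so the outer `catch` and `process.exit(1)` no longer tell the build that a template is broken. The lazy `(.*?)` stops at the first `}`, so any expression containing a brace is cut short. If the templates only reference fields of `pkg` (not visible from this hunk), restrict placeholders to dotted property paths and resolve them by own-property lookup, failing on an unknown field, as sketched below.

```javascript
try {
  // Placeholders are limited to dotted property paths on pkg; template text is never compiled.
  value = tplstr.replace(/\$\{\s*pkg((?:\.[A-Za-z_$][\w$]*)+)\s*\}/g, (match, fieldPath) =>
    fieldPath.slice(1).split('.').reduce((obj, name) => {
      if (obj == null || !Object.prototype.hasOwnProperty.call(obj, name)) {
        throw new Error('Unknown template field: ' + match);
      }
      return obj[name];
    }, pkg));
  // … unchanged: stdout write, catch and exit(1) …
```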