Suspicious Package
An Application for Inspecting macOS Installer Packages
Every macOS Installer Package Looks the Same
Consider a few macOS Installer packages:
- One contains a useful and well-designed product, which can't be easily installed using drag-and-drop.
- One contains well-intentioned software that will nevertheless splatter pieces all over your startup disk.
- One contains a vital component — like a scanner driver — but will also install a handful of annoying, unwanted applications that the driver vendor distributes in return for “promotional consideration.”
- One contains malware that will infest your system and your network, and probably ruin your week.
Which one is which? ¯\_(ツ)_/¯ The answer in macOS has traditionally been “install it and find out!”
The built-in security features of macOS — such as Gatekeeper, package signing and, most recently, notarization — might rule out malware ... if you're lucky. But there's still a huge gray area between that and a well-designed package.
Look Inside Them with Suspicious Package
With Suspicious Package, you can open a macOS Installer package and see what's inside, without installing it first.
Where does it come from?
- See who signed it
- Check where it was downloaded from
- See if Apple notarized it
- Check for Apple Silicon support
What does it install?
- Browse installed files
- See versions and other metadata
- Preview items with Quick Look
- Open text files and property lists
- Export individual files or folders
What else does it do?
- See scripts it will run
- Examine installer “receipts”
- Review potential issues
- See macOS Full Installer details
Or Get a Quick Look
Suspicious Package includes an extension for the macOS Quick Look feature. Get a preview of the package right from the Finder.
Want to Know More?
Download Suspicious Package here, or learn more here.
(No, this is not the same thing as Show Package Contents in Finder. It's also safer and more comprehensive than Show Files in the macOS Installer.)