We stand with Ukraine to help keep people safe. Join us
All Apps
Best AppsReviewsComparisonsHow-To

Suspicious Package for Mac

Preview contents of installer packages.

Free
In English
5.0
Based on 16 user rates

Suspicious Package overview

With Suspicious Package, you can find out important information about those package files you download. Do you know what files that OS X Installer package actually installs?... Do you know what scripts it runs during installation, and what they do?... Do you know who the package really came from?... Maybe you're quite literally suspicious of a package you've downloaded. Or perhaps you're just curious about what some package does. Or maybe you want to find out after the fact exactly what files a package scattered across your computer. Whatever the reason, Suspicious Package allows you to see inside an installer package. (And it's completely free.)

Suspicious Package is now actually both an OS X application,... and a plug-in for the Quick Look feature of OS X.

What’s new in version 4.4

  • Added File > Show Launch Information for Item, which can be used on code-signed bundles or executables. It shows the code signing identity, as well as any explicit launch constraints that will gate the launch of that component on macOS 14 (Sonoma).
  • Added support for using Beyond Compare for the File > Compare Packages command. This can be configured via Suspicious Package > Preferences > Compare > Compare Packages Using.
  • Added a Swedish localization — thanks to Frank Winterpil for making this possible!
  • Updated the French localization — thanks to Olivier Prompt for keeping this going for so many years!
  • When using File > Show Item as Property List, you can now Control-click on an item (whether dictionary key or array item) to copy various bits to the clipboard: the key, the value or a new property list with just that item, in XML format. If the value is a pure data type, you can copy it as a hex string, or export it to a new file.
  • When using File > Show Item as Property List on Info.plist files, File > Show Entitlements for Item, or File > Show Entitlements for All Executables, recent search terms will now be preserved across packages and app launches.
  • Improved the handling of certain packages containing executables with older 32-bit Intel (or still older PowerPC) architecture support, so that they don't show (confusingly) as having “mixed Apple Silicon and Intel support” on the Package Info tab.
  • Fixed a bug where Kaleidscope 4 might not be able to be selected via Suspicious Package > Preferences > Compare > Compare Packages Using. If you had Kaleidscope 3 previously configured, version 4 would've worked, but Suspicious Package got confused because version 4 has a different bundle identifier. Now it should properly recognize version 4 and/or 3 in the UI. (In either case, Suspicious Package uses /usr/local/bin/ksdiff to initiate a compare, and it's up to that tool to choose which app to talk to.)
  • Fixed a bug where the entitlements for certain executables were not properly shown. (DER-format entitlements with dictionary values were not correctly decoded.)
  • Avoid triggering the macOS alert that “Suspicious Package would like to access data from other apps” when previewing a macOS Full Installer package. As explained here, Suspicious Package wasn't trying to access the data from anything other than its own Quick Look Preview extension, and it didn't really matter if you disallowed it. But it was annoying!
  • When exporting an item from a package, Suspicious Package will now ensure that all files are both readable and writable for the current user, regardless of the permissions specified by the package. It has always done this for directories (largely so that the exported item can be easily removed after examination), but non-writable files can trigger other subtle problems, such as not being able to remove the quarantine attribute and possibly triggering the app translocation behavior. Note that Suspicious Package has always ignored the package-specified ownership when exporting — one of the many ways that exporting is not installing.
  • Allow the use of File > Show Package in Finder (Cmd-Option-R) from the Welcome to Suspicious Package window, in case you want to reveal the selected package without having to open it first.
  • Removed support for macOS 11 (Big Sur).
View older Suspicious Package versions

Suspicious Package for Mac

Free
In English
Version 4.4
Try our new feature and write a detailed review about Suspicious Package

What customer like

Performance

What needs improvements

Customization

Suspicious Package qualities

Value
5.0
Ease of use
5.0
Features
5.0
Reliability
5.0
Customer support
5.0

Write your thoughts in our old-fashioned comment

MacUpdate Comment Policy. We strongly recommend leaving comments, however comments with abusive words, bullying, personal attacks of any type will be moderated.
5.0

(18 Reviews of Suspicious Package)

  • Comments

  • User Ratings

Ironman
Ironman
Dec 16 2022
4.3.1
0.0
Dec 16 2022
0.0
Version: 4.3.1
Unfortunately the new version is for Big Sur or higher. But I highly recommend this app for anyone "curious" or "paranoid" You can see inside installers and make your digital life a bit more secure.
enriqueapolinar
enriqueapolinar
Mar 17 2022
4.2
0.0
Mar 17 2022
0.0
Version: 4.2
...it is very complete; what happens is that I have little need to use it ...
Cerniuk
Cerniuk
Jul 11 2020
3.5.3
5.0
Jul 11 2020
5.0
Version: 3.5.3
Very impressed. Software is exceptionally well designed, easy to use, and teaches the user about how installer packages are created though Suspicious Package's use. While I love Pacifist, Suspicious Package (SP) has become my go-to and I set it as my default '.pkg' file opener. It would be awesome if SP could have a setting where you drag your favorite anti-virus software into an image well and it would then offer the ability to open whatever package you are analyzing into that AV software whenever you run SP. (sub launch with file)
tomtomklub
tomtomklub
May 8 2019
3.4.1
5.0
May 8 2019
5.0
Version: 3.4.1
Essential tool to see what sorts of sneaky sludge an app may want to stuff into your system.
Cortig
Cortig
Oct 8 2018
3.3.2
5.0
Oct 8 2018
5.0
Version: 3.3.2
Love this app. Very convenient way to figure out what will be installed by a .pkg beforehand. I mostly use it through QuickLook, but the app itself provides additional features that are quite handy too.
Ervins Strauhmanis
Ervins Strauhmanis
Sep 7 2023
4.3.3
5.0
Sep 7 2023
5.0
Version: 4.3.3
ipeooc
ipeooc
Aug 14 2023
4.3.3
5.0
Aug 14 2023
5.0
Version: 4.3.3
The_Blinded
The_Blinded
Aug 3 2023
4.3.3
5.0
Aug 3 2023
5.0
Version: 4.3.3
Cerniuk
Cerniuk
Jul 11 2020
5.0
Jul 11 2020
5.0
Version: null
tomtomklub
tomtomklub
May 8 2019
5.0
May 8 2019
5.0
Version: null
Cortig
Cortig
Oct 8 2018
5.0
Oct 8 2018
5.0
Version: null
june8
june8
Aug 10 2018
5.0
Aug 10 2018
5.0
Version: null
asimo
asimo
Oct 4 2017
5.0
Oct 4 2017
5.0
Version: null
Zsoltmagscreen
Zsoltmagscreen
Sep 27 2016
5.0
Sep 27 2016
5.0
Version: null
sjk
sjk
Mar 1 2016
5.0
Mar 1 2016
5.0
Version: null
Donmontalvo
Donmontalvo
Nov 23 2015
5.0
Nov 23 2015
5.0
Version: null
B-Jefferson-Le-Blanc
Feb 4 2015
5.0
Version: null
Wts
Wts
Sep 5 2014
5.0
Sep 5 2014
5.0
Version: null
GeogProf
GeogProf
Sep 12 2011
5.0
Sep 12 2011
5.0
Version: null
Elsamiro
Elsamiro
Aug 9 2009
5.0
Aug 9 2009
5.0
Version: null
Guest
Guest
Jul 20 2009
5.0
Jul 20 2009
5.0
Version: null