Suspicious Package for Mac
Preview contents of installer packages.
When you purchase through links on our site, we may earn an affiliate commission
Suspicious Package overview
With Suspicious Package, you can find out important information about those package files you download. Do you know what files that OS X Installer package actually installs?... Do you know what scripts it runs during installation, and what they do?... Do you know who the package really came from?... Maybe you're quite literally suspicious of a package you've downloaded. Or perhaps you're just curious about what some package does. Or maybe you want to find out after the fact exactly what files a package scattered across your computer. Whatever the reason, Suspicious Package allows you to see inside an installer package. (And it's completely free.)
Suspicious Package is now actually both an OS X application,... and a plug-in for the Quick Look feature of OS X.
What’s new in version 4.4
- Added File > Show Launch Information for Item, which can be used on code-signed bundles or executables. It shows the code signing identity, as well as any explicit launch constraints that will gate the launch of that component on macOS 14 (Sonoma).
- Added support for using Beyond Compare for the File > Compare Packages command. This can be configured via Suspicious Package > Preferences > Compare > Compare Packages Using.
- Added a Swedish localization — thanks to Frank Winterpil for making this possible!
- Updated the French localization — thanks to Olivier Prompt for keeping this going for so many years!
- When using File > Show Item as Property List, you can now Control-click on an item (whether dictionary key or array item) to copy various bits to the clipboard: the key, the value or a new property list with just that item, in XML format. If the value is a pure data type, you can copy it as a hex string, or export it to a new file.
- When using File > Show Item as Property List on Info.plist files, File > Show Entitlements for Item, or File > Show Entitlements for All Executables, recent search terms will now be preserved across packages and app launches.
- Improved the handling of certain packages containing executables with older 32-bit Intel (or still older PowerPC) architecture support, so that they don't show (confusingly) as having “mixed Apple Silicon and Intel support” on the Package Info tab.
- Fixed a bug where Kaleidscope 4 might not be able to be selected via Suspicious Package > Preferences > Compare > Compare Packages Using. If you had Kaleidscope 3 previously configured, version 4 would've worked, but Suspicious Package got confused because version 4 has a different bundle identifier. Now it should properly recognize version 4 and/or 3 in the UI. (In either case, Suspicious Package uses /usr/local/bin/ksdiff to initiate a compare, and it's up to that tool to choose which app to talk to.)
- Fixed a bug where the entitlements for certain executables were not properly shown. (DER-format entitlements with dictionary values were not correctly decoded.)
- Avoid triggering the macOS alert that “Suspicious Package would like to access data from other apps” when previewing a macOS Full Installer package. As explained here, Suspicious Package wasn't trying to access the data from anything other than its own Quick Look Preview extension, and it didn't really matter if you disallowed it. But it was annoying!
- When exporting an item from a package, Suspicious Package will now ensure that all files are both readable and writable for the current user, regardless of the permissions specified by the package. It has always done this for directories (largely so that the exported item can be easily removed after examination), but non-writable files can trigger other subtle problems, such as not being able to remove the quarantine attribute and possibly triggering the app translocation behavior. Note that Suspicious Package has always ignored the package-specified ownership when exporting — one of the many ways that exporting is not installing.
- Allow the use of File > Show Package in Finder (Cmd-Option-R) from the Welcome to Suspicious Package window, in case you want to reveal the selected package without having to open it first.
- Removed support for macOS 11 (Big Sur).
Suspicious Package for Mac
Free
In English
Version 4.4
What users say about Suspicious Package
Try our new feature and write a detailed review about Suspicious Package
What customer like
Performance
What needs improvements
Customization
(18 Reviews of Suspicious Package)
Comments
User Ratings
Dec 16 2022
Version: 4.3.1
Unfortunately the new version is for Big Sur or higher.
But I highly recommend this app for anyone "curious" or "paranoid"
You can see inside installers and make your digital life a bit more secure.
Mar 17 2022
Version: 4.2
...it is very complete; what happens is that I have little need to use it ...
Jul 11 2020
Version: 3.5.3
Very impressed. Software is exceptionally well designed, easy to use, and teaches the user about how installer packages are created though Suspicious Package's use. While I love Pacifist, Suspicious Package (SP) has become my go-to and I set it as my default '.pkg' file opener.
It would be awesome if SP could have a setting where you drag your favorite anti-virus software into an image well and it would then offer the ability to open whatever package you are analyzing into that AV software whenever you run SP. (sub launch with file)
May 8 2019
Version: 3.4.1
Essential tool to see what sorts of sneaky sludge an app may want to stuff into your system.
Oct 8 2018
Version: 3.3.2
Love this app. Very convenient way to figure out what will be installed by a .pkg beforehand. I mostly use it through QuickLook, but the app itself provides additional features that are quite handy too.
