Inspect the contents of .pkg installer packages, verify their security, extract contained files, and analyze install scripts, without actually running the installer. #PKG Preview #Extract PKG #Analyze PKG #PKG #Installer #Preview
macOS installer packages (.pkg files) are curious. Some are completely unnecessary, some are required for properly installing specific software, and others might contain bloatware or even malware. The problem is, how can you tell which is which?
Suspicious Package is one way to do it. It’s a free app that allows you to peek inside .pkg files before running them. You can see what they contain, check their signature and notarization status, analyze install scripts, and extract files.
To get some basic info, you can simply use Quick Look. The app’s plugin will provide additional details in this view, such as previous installations, developer ID, notarization, and the number of install scripts to be run. If you need more details, you can open it with Suspicious Package directly.
The easiest way to do that is by dropping the .pkg file onto the app’s Dock icon. Here, information is split into multiple tabs, with the second showing you all the files contained in the package. You can inspect these with Quick Look or just drag them to Finder to extract them.
If security is on your mind, you can check the package’s signature and the developer ID certificate, whether it’s been notarized by Apple, and which install scripts it’s configured to run. If Suspicious Package finds any issues, it will present them for you to review.
The third tab concerns scripts, and this is where you’re going to need a bit of know-how if you want to figure out if a package is safe or not. Every install script will be listed, and the code open for analysis.
Whatever your reasoning for not just running installer packages directly, this app will be up to the task. You can extract apps and inspect or install them yourself, make sure the package is signed and notarized, and comb through install scripts for any indication of malware.
When combined with Apparency, it becomes even easier to get app details from .pkg files without even extracting them. You get a ton of functionality in a very intuitive package, and it’s completely free to boot.
What's new in Suspicious Package 4.4:
- Added File > Show Launch Information for Item, which can be used on code-signed bundles or executables. It shows the code signing identity, as well as any explicit launch constraints that will gate the launch of that component on macOS 14 (Sonoma).
- Added support for using Beyond Compare for the File > Compare Packages command. This can be configured via Suspicious Package > Preferences > Compare > Compare Packages Using.
- Added a Swedish localization — thanks to Frank Winterpil for making this possible!
- Updated the French localization — thanks to Olivier Prompt for keeping this going for so many years!
Suspicious Package 4.4
Softpedia Editor's Pick add to watchlist add to download basket send us an update REPORT- runs on:
- macOS 12.0 or later (Universal Binary)
- file size:
- 6.8 MB
- filename:
- SuspiciousPackage.dmg
- main category:
- Utilities
- developer:
- visit homepage