Every macOS Installer Package Looks the Same

Consider a few macOS Installer packages:

One contains a useful and well-designed product, which can't be easily installed using drag-and-drop.

One contains well-intentioned software that will nevertheless splatter pieces all over your startup disk.

One contains a vital component — like a scanner driver — but will also install a handful of annoying, unwanted applications that the driver vendor distributes in return for “promotional consideration.”

One contains malware that will infest your system and your network, and probably ruin your week.

Which one is which? ¯\_(ツ)_/¯ The answer in macOS has traditionally been “install it and find out!”

The built-in security features of macOS — such as Gatekeeper, package signing and, most recently, notarization — might rule out malware ... if you're lucky. But there's still a huge gray area between that and a well-designed package.

Look Inside Them with Suspicious Package

With Suspicious Package, you can open a macOS Installer package and see what's inside, without installing it first.

Where does it come from?

See who signed it

Check where it was downloaded from

See if Apple notarized it

What does it install?

Browse installed files

See versions and other metadata

Open text files and property lists

Export individual files or folders

What else does it do?

See scripts it will run

Examine installer “receipts”

Review potential issues

Or Get a Quick Look

Suspicious Package also includes a plug-in for the macOS Quick Look feature.

So you don't even have to open the app for the basics; just select a package and hit the spacebar.

Want to Know More?

Download Suspicious Package here, or learn more here.

(No, this is not the same thing as Show Package Contents in Finder. It's also safer and more comprehensive than Show Files in the macOS Installer.)