Suspicious Package is a plugin for the Quick Look feature of Mac OS X 10.5 (Leopard) and 10.6 (Snow Leopard). It allows you to preview the contents of a standard Apple installer package without launching the Installer. Just select the icon in the Finder and select Quick Look.
You can click on individual folder names to see their contents, or click the Show Contents button to see all content at once. Suspicious Package also alerts you to packages that require an administrator password, or that require you restart your machine after installation.
What is new in this release:
Added support for macOS 10.13 (High Sierra). This included fixing a crash that might occur when closing windows, and correcting the way that revoked certificates are displayed (they had been shown as generically untrusted rather than as explicitly revoked).
If a package has a verified signing time, Suspicious Package now shows that information when you use Window > Signature Details (Command-5). This is particularly interesting when the certificate would be otherwise considered expired.
Fixed a problem where a prior install was (sometimes) not noted on the Package Info tab.
The Suspicious Package app now tries harder to activate its Quick Look plug-in, especially after the app has been moved or updated, or after macOS has been updated (more info).
Removed support for OS X 10.10 (Yosemite) and OS X 10.9 (Mavericks).
Updated the license agreement to be a bit more explicit, although it is still quite minimalist. Use Help > License Agreement to access it from within the app.
What is new in version 3.2:
Added support for macOS 10.12 (Sierra).
Fixed compatibility problems with Sierra's automatic window tabs feature, including the broken Window > Show Previous Tab and Window > Show Next Tab commands. Read more about window tabs in Suspicious Package.
In the Quick Look preview, added Show in Suspicious Package buttons, which open the app directly to a specific file, folder or installer script. From the file browser, hold down the Command key to reveal the Show in Suspicious Package buttons; from the scripts browser, select the script and the button will be shown next to the script name.
Especially on Sierra, be sure to download the disk image, not the XIP archive (more info).
What is new in version 3.1:
- Initial app version of Suspicious Package (which now bundles the Quick Look plug-in).
- Finder-like browsing of installed files, with additional metadata.
- Viewing of installer scripts in proper editor UI, with clipboard and find support.
- Ability to open installer scripts in external applications.
- Support for searching and filtering across files or scripts, and for saving searches.
- Tracking of browsing history to provide Back and Forward navigation.
- Tab-based UI, with ability to open multiple tabs for files or scripts.
- Performs analysis of package and flags potential issues for user review.
- Scriptability via AppleScript.
- Support for OS X 10.11 (El Capitan), OS X 10.10 (Yosemite) or OS X 10.9 (Mavericks). Removed support for OS X 10.8 (Mountain Lion).
What is new in version 2.0.1:
- Fixed problem introduced by the OS X 10.10.2 update (reported to Apple as Quick Look bug 19664886), where Suspicious Package would show only a mess of un-styled text instead of a proper Quick Look preview.
What is new in version 2.0:
- Improved display of files to be installed. Automatically expands to show top-level bundles, frameworks and Unix directories. Option-click on a closed folder to show everything inside it.
- Shows version information for bundles, where available. Click on the version number to cycle through other available information, such as the bundle identifier.
- Enhanced and more complete display of package scripts. Click “Runs X install scripts” to see all the scripts in the package, including those invoked by other scripts in a flat-style package. Shows additional information about how scripts are invoked, with what arguments.
- Shows scripts that may be run immediately upon opening the package, e.g. to check system requirements. These are what trigger the confounding “this package will run a program” warning in the OS X Installer.
- Shows status of the package signature, if present. Allows examination of the certificate chain used to sign the package details].
- Indicates if the package contains plug-ins that customize the Installer UI. These also contain code that may run immediately upon opening the package (and also trigger the “this package will run a program” warning).
- Added proper support for Macs with Retina displays.
- Added periodic (monthly) check for future updates to Suspicious Package. When an update is available, a button will appear at the bottom of the Suspicious Package preview window details.
- Support for OS X 10.9 (Mavericks) and OS X 10.8 (Mountain Lion). Removed support for OS X 10.7 (Lion) and OS X 10.6 (Snow Leopard). Preliminary support for OS X 10.10 (Yosemite), as of DP7.