Suspicious Package is a plugin for the Quick Look feature of Mac OS X 10.5 (Leopard) and 10.6 (Snow Leopard). It allows you to preview the contents of a standard Apple installer package without launching the Installer. Just select the icon in the Finder and select Quick Look.
You can click on individual folder names to see their contents, or click the Show Contents button to see all content at once. Suspicious Package also alerts you to packages that require an administrator password, or that require you restart your machine after installation.
What is new in this release:
Added support for macOS 10.12 (Sierra).
Fixed compatibility problems with Sierra's automatic window tabs feature, including the broken Window > Show Previous Tab and Window > Show Next Tab commands. Read more about window tabs in Suspicious Package.
In the Quick Look preview, added Show in Suspicious Package buttons, which open the app directly to a specific file, folder or installer script. From the file browser, hold down the Command key to reveal the Show in Suspicious Package buttons; from the scripts browser, select the script and the button will be shown next to the script name.
Especially on Sierra, be sure to download the disk image, not the XIP archive (more info).
What is new in version 3.1:
- Initial app version of Suspicious Package (which now bundles the Quick Look plug-in).
- Finder-like browsing of installed files, with additional metadata.
- Viewing of installer scripts in proper editor UI, with clipboard and find support.
- Ability to open installer scripts in external applications.
- Support for searching and filtering across files or scripts, and for saving searches.
- Tracking of browsing history to provide Back and Forward navigation.
- Tab-based UI, with ability to open multiple tabs for files or scripts.
- Performs analysis of package and flags potential issues for user review.
- Scriptability via AppleScript.
- Support for OS X 10.11 (El Capitan), OS X 10.10 (Yosemite) or OS X 10.9 (Mavericks). Removed support for OS X 10.8 (Mountain Lion).
What is new in version 2.0.1:
- Fixed problem introduced by the OS X 10.10.2 update (reported to Apple as Quick Look bug 19664886), where Suspicious Package would show only a mess of un-styled text instead of a proper Quick Look preview.
What is new in version 2.0:
- Improved display of files to be installed. Automatically expands to show top-level bundles, frameworks and Unix directories. Option-click on a closed folder to show everything inside it.
- Shows version information for bundles, where available. Click on the version number to cycle through other available information, such as the bundle identifier.
- Enhanced and more complete display of package scripts. Click “Runs X install scripts” to see all the scripts in the package, including those invoked by other scripts in a flat-style package. Shows additional information about how scripts are invoked, with what arguments.
- Shows scripts that may be run immediately upon opening the package, e.g. to check system requirements. These are what trigger the confounding “this package will run a program” warning in the OS X Installer.
- Shows status of the package signature, if present. Allows examination of the certificate chain used to sign the package details].
- Indicates if the package contains plug-ins that customize the Installer UI. These also contain code that may run immediately upon opening the package (and also trigger the “this package will run a program” warning).
- Added proper support for Macs with Retina displays.
- Added periodic (monthly) check for future updates to Suspicious Package. When an update is available, a button will appear at the bottom of the Suspicious Package preview window details.
- Support for OS X 10.9 (Mavericks) and OS X 10.8 (Mountain Lion). Removed support for OS X 10.7 (Lion) and OS X 10.6 (Snow Leopard). Preliminary support for OS X 10.10 (Yosemite), as of DP7.