Suspicious Package is an indispensable tool for macOS with a long history, and surprisingly, it’s free. I’ve rarely mentioned it, so I thought I’d give it a quick review.

Suspicious Package has been around for as long as I can remember. It’s been steadily updated over the years, and runs perfectly on the latest macOS (Sequoia). It makes inscrutable Package Installers scrutable.

Package Installers on Mac (.pkg) are those downloads that look like a cardboard box with a yellow cube coming out of it. Unlike Disk Images (.dmg) and Zip Archives (.zip), they run scripts and can install to locations you might not expect or be able to locate after install. This can be disconcerting, or at least inconvenient for people who want to know what’s going on on their machine. That’s where Suspicious Package comes in.

This tool will give you a Quick Look extension, so you can just select a .pkg file and hit Space to see what the Package Installer will do — how many files it will install, how many scripts it will run, etc.

This is not the same thing as Show Package Contents in Finder, which will give you little information about what’s going to be installed. It’s also much more informative than Show Files in the macOS Installer app.

Clicking on any info line in the Quick Look preview will open the Suspicious Package app to show you the exact details.

You can click through the app window to preview files and where they’ll be installed, scripts that will run, as well as package info and receipts. In the file viewer, you can see all the metadata for each file, including kind, permissions, and version and Bundle IDs on bundle files (e.g. Mac apps). Scripts can be previewed or opened in an external app. It provides a sweeping overview of your packages, and is also extensively scriptable.

Suspicious Package is free. It’s developed by Randy Saldinger (Mother’s Ruin Software), who doesn’t even accept donations. He says his apps are labors of love, created just because he wanted them to exist. If you want to know what’s going on with your .pkg files (even those you trust), it’s a killer app.

You can follow the development on Mastodon (where the developer is as well).

There’s no reason not to go get Suspicious Package today.