Suspicious Package: cool, free utility looks into .pkg files

bowline · December 9, 2018, 3:37pm

I just downloaded a totally innocuous app to evaluate, NoteCase Pro, and after macOS gave me the standard warning that it came from an unidentified developer (not a big deal), I also got some pop-ups from a free QuickLook plugin (that I’d forgotten I’d installed) for examining Installer packages - Supicious Package from Randy Saldinger:

https://www.mothersruin.com/software/SuspiciousPackage/

What a super little utility. It gave me specifics about the pkg file, let me look at the install files, and more:

I wish I knew more about the dev. This utility is free (not even a donation request!), and the dev’s only active internet presence seems to be his Instagram page.

Neat little utility.

vco1 · December 9, 2018, 3:58pm

So what’s your point? That shell script looks pretty harmless and the only warning you got was that the package wasn’t signed.

The bash script is just opening the releasenotes by the way. However, for note taking applications there are many (well-known) alternatives. Don’t know why you’re installing this one.

anon41602260 · December 9, 2018, 3:58pm

Packages are easy to browse. Right click or ^click a package and choose Show Package Contents.

The package is revealed as the folder it is.

Or just change the extension on the package, which will make it a folder, then change it back.

bowline · December 9, 2018, 4:11pm

That I was recommending a cool, free utility in the SOFTWARE forum.

bowline · December 9, 2018, 4:13pm

Yes, but they don’t let you easily view the contents via QuickLook, nor do they let you sift through all your .pkg files so easily.

martijnengler · December 9, 2018, 5:04pm

Thanks for sharing!

In this case it seems like there’s not suspicious about the PKG, but it’s always nice to have something like this in your tool belt.