The table below summarizes the released versions of Suspicious Package, and what
fixes and enhancements were made to each version. You can determine the
version you have installed from Suspicious Package > About,
or by checking the bottom of any Quick Look preview generated by Suspicious Package.
Release History for Suspicious Package
Released on June 2, 2019
Added Receipts tab, showing information about component packages and any
matching receipts found on the startup disk. To access the Receipts info:
Use Window > Receipts (Command-6)
In the Package Info tab, click on “Previously installed on...” line
From the spkg tool, use the new --reveal-receipt option (see usage)
From AppleScript, use the new component package element (see Scripting Dictionary)
If macOS reports that the package is notarized, Suspicious Package
shows this on the Package Info tab, and in the Quick Look preview. This is only when running on macOS 10.14 (Mojave).
The notarization status will also be shown by spkg --show-signature, and is available from
AppleScript via the new notarized property on the installer package element.
Restored individual certificate validity information to the signature detail
section of the Quick Look preview.
Fixed various minor bugs, including some performance, scripting and accessibility issues.
Removed support for macOS 10.12 (Sierra) and OS X 10.11 (El Capitan).
Released on December 10, 2018
Improved the “Welcome to Suspicious Package” window to behave
better when Spotlight finds non-local packages — such as packages
in iCloud Drive or some other download-on-demand cloud provider. (Well, we think
it performs better, but we're not in a position to test every cloud provider, and
haven't received any actionable information. If you see problems with this and care to help
us debug it, please contact us.)
Fixed a bug that could cause items to be omitted when exporting a folder from
certain unusually constructed packages. (These items were always shown in the All
Files tab; this bug affected only the completeness of the export.)
Fixed a handful of minor bugs.
Released on September 17, 2018
Enhanced for Dark Mode appearance and accent color preferences on macOS 10.14 (Mojave).
Added “Welcome to Suspicious Package” window, giving
quick access to recently downloaded packages, and guidance for new users.
Added ability to open InstallESD.dmg without changing the file
extension first. [Read More]
Updated for general compatibility with macOS 10.14 (Mojave).
This version still works back to OS X 10.11 (El Capitan), but will likely
be the last significant update that does.
Removed the “Move Old Plug-in to Trash” feature, since the
standalone version of the Quick Look plug-in is long gone.
Uses TLS (a.k.a. HTTPS) for update checking and for linking to the
User Guide and FAQ. (These have been redirecting since July 2018, but we now use HTTPS directly.)
Fixed a bug where exporting certain high-level folders would fail, remaining stuck forever
as “Waiting for other exports.”
A secondary click (i.e. a control-click or a right-click) on an item in the All Files
tab will now offer a context menu, similar to the Action menu on the toolbar: this can be
used to quickly export or open a particular item that is already under the mouse pointer.
This also works for items in the scripts browser.
In the Info pane, if you click on the Kind, Owner, Group or Permissions to change the view of that metadata
attribute, Suspicious Package will now keep that choice for future windows or tabs (so that you don't
have to keep changing it every time). Of course, you can the attribute again at any point; the last view you
selected for a given attribute will always be the new default.
Released on January 18, 2018
Added the “spkg” command-line tool, which can be used to quickly open a package in
Suspicious Package. This can also be used to retrieve information about the package signature from
the Terminal (or from a shell script). For more information about the “spkg” tool —
and how to install it — see the User Guide.
Fixed a bug where the Scripts Browser would sometimes show scripts in an apparently arbitrary order, when
using macOS 10.13 (High Sierra) and the Apple File System (APFS).
Fixed a bug where the Export Item and Open With commands were
incorrectly enabled for receipts, which don't have the actual installed files
for exporting or opening. (Of course, those files might actually be installed on the system, depending on what has
happened since the install that created the receipt.)
Fixed a bug where setting Suspicious Package as the default application for installer packages —
via Finder's File > Get Info > Open With > Change All — would cause a generic
document icon to be used for packages in the Finder (more info).
Released on September 15, 2017
Added support for macOS 10.13 (High Sierra). This included fixing a crash that might occur
when closing windows, and correcting the way that revoked certificates are displayed (they had been
shown as generically untrusted rather than as explicitly revoked).
If a package has a verified signing time, Suspicious
Package now shows that information when you use Window > Signature Details
(Command-5). This is particularly interesting when the certificate would be otherwise considered expired.
Fixed a problem where a prior install was (sometimes) not noted on the Package Info tab.
The Suspicious Package app now tries harder to activate its Quick Look plug-in, especially after
the app has been moved or updated, or after macOS has been updated
Removed support for OS X 10.10 (Yosemite) and OS X 10.9 (Mavericks).
Updated the license agreement to be a bit more explicit, although it is still
quite minimalist. Use Help > License Agreement to access it from within the app.
Released on September 10, 2016
Added support for macOS 10.12 (Sierra).
Fixed compatibility problems with Sierra's automatic window tabs feature, including the broken
Window > Show Previous Tab and Window > Show Next Tab
commands. Read more about window tabs in Suspicious Package.
In the Quick Look preview, added Show in Suspicious Package buttons, which
open the app directly to a specific file, folder or installer script. From the file browser, hold down
the Command key to reveal the Show in Suspicious Package buttons; from the
scripts browser, select the script and the button will be shown next to the script name.
Added support for exporting a selected file or folder, allowing its content to be inspected:
Use File > Export Item — or drag the item into the Finder — to start an export.
Click the Exports toolbar button
to see and manage running and completed exports.
From AppleScript, use the new export command to start an export.
Added support for opening certain installed files in another application. This includes plain text files
and property lists that are reasonably small. Use File > Open Item With.
Added a way to reveal an installer script in the Finder, so it can be easily manipulated even if no
apps are available to directly open it. Use File > Open Item With > Finder.
Searching from the Help menu now finds information from the
User Guide and FAQ.
Fixed a problem where temporary items (such as installer scripts that had been opened in
another application) would not always get deleted when the Suspicious Package
window was closed. (OS X would eventually delete these, but Suspicious Package
now does a better job of cleaning them up in a timely manner.)
Released on February 29, 2016
Initial app version of Suspicious Package (which now bundles the Quick Look plug-in).
Finder-like browsing of installed files, with additional metadata.
Viewing of installer scripts in proper editor UI, with clipboard and find support.
Ability to open installer scripts in external applications.
Support for searching and filtering across files or scripts, and for saving searches.
Tracking of browsing history to provide Back and Forward navigation.
Tab-based UI, with ability to open multiple tabs for files or scripts.
Performs analysis of package and flags potential issues for user review.
Scriptability via AppleScript.
Support for OS X 10.11 (El Capitan), OS X 10.10 (Yosemite) or OS X 10.9 (Mavericks).
Removed support for OS X 10.8 (Mountain Lion).
Released on November 11, 2015
Fixed a problem where, for certain untrusted package signatures, the individual
certificates may have been shown as valid (when the certificate details were disclosed).
The overall package signature status was always shown correctly — as untrusted —
but the per-certificate status might have been inconsistent with that top-level untrustworthiness.
Fixed a problem where a package with a damaged Bom file would not be reported as
Fixed a problem where certain packages that could be installed into the user's home
directory (such as Suspicious Package's own package!) would not be designated as such.
Fixed a problem with the icons on folders with omitted contents (in packages with an
exceptionally large number of files). On OS X 10.11 (El Capitan), these were being
shown with a generic document icon, instead of a “private” folder icon.
Released on February 3, 2015
Fixed problem introduced by the OS X 10.10.2 update (reported to Apple as Quick Look bug
where Suspicious Package would show only a mess of un-styled text instead of a proper
Quick Look preview.
Released on September 3, 2014
Improved display of files to be installed. Automatically expands to
show top-level bundles, frameworks and Unix directories. Option-click
on a closed folder to show everything inside it.
Shows version information for bundles, where available. Click on the version number
to cycle through other available information, such as the bundle identifier.
Enhanced and more complete display of package scripts. Click “Runs X
install scripts” to see all the scripts in the package, including those
invoked by other scripts in a flat-style package. Shows additional
information about how scripts are invoked, with what arguments.
Shows scripts that may be run immediately upon opening the package, e.g.
to check system requirements. These are what trigger the confounding
“this package will run a program” warning in the OS X Installer.
Shows status of the package signature, if present. Allows examination of
the certificate chain used to sign the package
Indicates if the package contains plug-ins that customize the Installer
UI. These also contain code that may run immediately upon opening the package
(and also trigger the “this package will run a program” warning).
Added proper support for Macs with Retina displays.
Added periodic (monthly) check for future updates to Suspicious Package.
When an update is available, a button will appear at the bottom of the
Suspicious Package preview window
Support for OS X 10.10 (Yosemite), OS X 10.9 (Mavericks) and OS X 10.8 (Mountain Lion).
Removed support for OS X 10.7 (Lion) and OS X 10.6 (Snow Leopard).
Released on January 24, 2012
Fixed compatibility problems on Mac OS X 10.7.3 (Lion).
No longer supports Mac OS X 10.5 (Leopard) or PowerPC.
Released on July 19, 2009
Upgraded to work on Mac OS X 10.6 (Snow Leopard).
Fixed various bugs that caused incorrect previews or a generic preview for specific packages.
Released on March 1, 2008
Added support for metapackages.
Fixed problem where the actual installation location was not
shown for some packages.
Added indication when a package requires authentication with
an administrator password.
Added indication when a package requires a system restart
(or shut down, or log out) after installation.
Added indication when a package has install scripts, and an
option to view the actual scripts [details].
Added support for installer receipts and .bom files.
Released on January 27, 2008
Fixed a bug where Suspicious Package would crash — thereby failing
to create a Quick Look preview — if there was a
non-ASCII character in the path to the package.