Pinned post

Suspicious Package lets you open macOS Installer packages to see what they'd install and what scripts they'd run.

Follow this account for announcements of new versions, and (probably very) occasional tips about how to make the most of the app.

I'm not planning a Suspicious Package release to coincide with Sonoma this year, since I didn't find any significant issues with version 4.3.3 on the macOS 14 Release Candidate -- a pleasant change, that.

I did debug and write about some strange macOS behavior around App Management and App Data protections here: mothersruin.com/software/Suspi

That said, if you've run into other issues with Suspicious Package on Sonoma, let me know...

Version 1.6 is out now. It adds a new "Launch Information" inspector that gives visibility into launchd job definitions and the new-to-Sonoma launch constraint mechanism. There are also smaller usability improvements and a fix to prevent the Quick Look preview extension from behaving badly in the background.

More info at mothersruin.com/software/Appar

Someone pointed out to me that the Suspicious Package 4.3.3 disk image is flagged as malicious by 1 of 59 vendors on VirusTotal.

I've examined the product dmg carefully for any sign of compromise, and found nothing. I also checked all of the Mach-O binaries in VirusTotal, and they all show up clean.

So I believe this to be a false positive from this one engine. But if anyone has any reason to believe otherwise, let me know!

Show thread

Version 4.3.3 fixes a single bug, but one that could cause the Quick Look Preview extension to churn through CPU in the background indefinitely, which seemed obnoxious enough to fix right away. Sorry about that!
mothersruin.com/software/Suspi

Version 1.5.1 is out, and gives you the minimum macOS version requirement at a glance.

More info at mothersruin.com/software/Appar

Version 4.3.2 is out now, and adds an "Open With Suspicious Package" service -- available from the Finder context menu, even on macOS 13.3, where the standard Open With submenu has been restricted to the Installer.

There are also a few other improvements and fixes. More info at mothersruin.com/software/Suspi

If you've updated to macOS 13.3, and are wondering why you can't use the Finder's context menu to Open With > Suspicious Package, it's not just you:

mothersruin.com/software/Suspi

This looks intentional, so we're working on alternatives...

From the "We built it for ourselves but maybe someone else will want it?" department at Mothers Ruin Software, a new debugging app for macOS:

Archaeology makes it easier -- or just possible -- to inspect different kinds of binary files that are common on macOS ... and to follow the trail of one binary format that wraps another one.

mothersruin.com/software/Archa

Version 4.3.1 is out now, with a few small changes, including a fix for a crash that could occur in the background after using Compare Packages with BBEdit.

More info at mothersruin.com/software/Suspi

Props to @ccgus for pioneering this please-don't-make-me-use-the-Apple-Help-Viewer technique in Acorn, and for writing about it many years ago.

shapeof.com/archives/2015/8/ac

Show thread

Here's a meta-tip: the copious documentation for Suspicious Package lives on our website, but is easily searchable from within the app itself.

Open the Help menu and type in the Search box: choosing an item under Help Topics will open the appropriate User Guide or FAQ section in your default web browser.

Suspicious Package lets you open macOS Installer packages to see what they'd install and what scripts they'd run.

Follow this account for announcements of new versions, and (probably very) occasional tips about how to make the most of the app.

Indie Apps

indieapps.space is dedicated to hosting accounts for mobile and desktop applications developed by small, independent developers and development teams (no personal accounts, please).