When I downloaded the demo, though, I was a bit surprised to see it was a package installer (.pkg extension). Typically, a package installer is used for system extensions, or other complex installs that have bits that go into many different places.
Being the curious sort, I wanted to see what the package would install before I installed it. You can do this the hard way, by drilling into the package in Finder (Right-click and Show Package Contents), but there’s an app for that.
In the past, I’ve used CharleSoft’s Pacifist to peer into packages. However, it’s a $20 application, and somewhere along the line, I lost my registration information (or maybe I hadn’t ever registered). In any event, I wondered if there were any less-expensive alternatives that did the same thing, as I only use an app like this maybe a few times a year.
A bit of web searching led me to the free Suspicious Package, so I gave it a try (hard to beat free). What I found is a very nicely done app that has replaced Pacifist for my occasional forays into packages.
Like Pacifist, the most useful feature (to me, anyway) of Suspicious Package is that it includes a Quick Look plug-in, which is installed by default. (Pacifist’s Quick Look plug-in is a prompt-to-install on first launch.) With the plug-in, there’s no need to open Suspicious Package to see what the installer is going to do; just select the .pkg file in Finder and press the Space Bar:
This first screen gives a good picture of the package: I can see that it’s signed, how/when it was downloaded, how many install scripts it runs, and where the files will be installed. Most of the time, that’s all I really want to see before installing a package. But if I want more detail, I can easily launch Suspicious Package directly from Quick Look…or even explore further within the Quick Look window.
For example, clicking on the “Runs 5 install scripts” takes me to another page that shows the scripts. Select one on that page, and you can see the content of the script:
This script, for instance, reveals why the demo is a package installer: MoneyWorks has a command line component that’s installed via script—the script creates a link to the command line tool in the user’s /usr/local/bin folder (creating that folder if necessary). It then links to man pages for the component. This is the kind of information I like to know before I run an installer, and I was able to get it all from a Quick Look window.
If you launch the Suspicious Package app, there’s tons of detail available. Its window contains three main tabs: Package Info is similar to the Quick Look window, All Files lets you drill into the files in the package, and All Scripts lets you browse the scripts the installer will run.
You can also open new tabs, search for files, and do many other things—99% of which I’ll never use. For me, the Quick Look capabilities alone make this app worth the drive space. And now that I know what MoneyWorks installs and why, I’m off to look at the demo.