Safety guide

Developer package safety

Safety checks before inspecting JAR, APK, WHL, NUPKG, VSIX, and other software packages.

Safe archive checklist

  1. Confirm the source before opening the archive.
  2. Check whether the file is a normal archive, an app package, or a disk image.
  3. Look for executable files before running anything inside.
  4. Keep private files local unless you fully trust the upload service.
  5. Use the ZIP checker or extension checker when the file behaves strangely.

What to avoid

Avoid fake download buttons, unknown upload extractors, unexpected password-protected archives, and files that ask you to disable security protections.

Use the safety checklist Verify a file hash