Most software developers give us a way to check whether someone has tampered with their software. They do this by calculating a cryptographic “checksum” (a hash) of each file and publishing it alongside the download. We typically encounter “SHA256” and “MD5” checksums, depending on the algorithm used. Where both are offered, prefer SHA256, since MD5 is no longer collision-resistant. So before you install software, you should know how to verify its integrity by comparing the checksums of the downloaded files with the values on the developer’s website.
You can easily do this in macOS Terminal, using the following commands:
shasum -a 256 [path-of-downloaded-file]
or:
md5 [path-of-downloaded-file]
To verify the software’s integrity, copy the resulting checksum value, open the checksum page on the developer’s website, and paste the copied value to see whether it matches the one listed for the file you’ve downloaded.
That’s all there is to it. You can now protect yourself from installing software that’s been tampered with. As always: when in doubt, don’t install!