Some software is provided with a checksum for ensuring it hasn’t been tampered with, here’s how to check it.
Run this in Terminal, it will generate a hash which should be compared with the one provided by your trusted source.
shasum -a 256 <filename>
Code language: HTML, XML (xml)
The example above uses a 256-bit SHA hash, you may change it to suit your needs.