osquery-1/specs/darwin/package_receipts.table

table_name("package_receipts")
description("OS X package receipt details.")
schema([
    Column("package_id", TEXT, "Package domain identifier"),
    Column("package_filename", TEXT, "Filename of original .pkg file"),
    Column("version", TEXT, "Installed package version"),
    Column("location", TEXT, "Optional relative install path on volume"),
    Column("install_time", INTEGER, "Timestamp of install time"),
    Column("installer_name", TEXT, "Name of installer process"),
    Column("path", TEXT, "Path of receipt plist",
      index=True, additional=True),
])
implementation("packages@genPackageReceipts")
examples([
  "select * from package_bom where path = '/var/db/receipts/com.apple.pkg.MobileDevice.bom'"
])