diff --git a/server/ingestLogs.js b/server/ingestLogs.js
index 55cdd7b..db3f768 100644
--- a/server/ingestLogs.js
+++ b/server/ingestLogs.js
@@ -1,7 +1,6 @@
 const parseURL = require('url').parse
 const startOfDay = require('date-fns/start_of_day')
 const addDays = require('date-fns/add_days')
-const validateNPMPackageName = require('validate-npm-package-name')
 const parsePackageURL = require('./utils/parsePackageURL')
 const CloudflareAPI = require('./CloudflareAPI')
 const StatsAPI = require('./StatsAPI')
@@ -67,10 +66,7 @@ function computeCounters(stream) {
 const url = parsePackageURL(parseURL(clientRequest.uri).pathname)
 const packageName = url && url.packageName
- if (
- packageName &&
- validateNPMPackageName(packageName).errors == null
- ) {
+ if (packageName) {
 incr(
 `stats-packageRequests-${dayKey}`,
 packageName,
diff --git a/server/utils/__tests__/parsePackageURL-test.js b/server/utils/__tests__/parsePackageURL-test.js
index ab44c5a..3a24513 100644
--- a/server/utils/__tests__/parsePackageURL-test.js
+++ b/server/utils/__tests__/parsePackageURL-test.js
@@ -80,5 +80,6 @@ describe('parsePackageURL', () => {
 it('returns null for invalid pathnames', () => {
 expect(parsePackageURL('history')).toBe(null)
+ expect(parsePackageURL('/.invalid')).toBe(null)
 })
 })
diff --git a/server/utils/parsePackageURL.js b/server/utils/parsePackageURL.js
index f61c726..fd7e928 100644
--- a/server/utils/parsePackageURL.js
+++ b/server/utils/parsePackageURL.js
@@ -1,4 +1,5 @@
 const url = require('url')
+const validatePackageName = require('./validatePackageName')
 const URLFormat = /^\/((?:@[^\/@]+\/)?[^\/@]+)(?:@([^\/]+))?(\/.*)?$/
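Review bot: In server/ingestLogs.js, the `if (packageName)` guard in the second hunk no longer shows that the name was validated; it now depends on parsePackageURL returning null for names that fail validation. The URI is read from request logs and the name is passed straight to `incr(...)` under the `stats-packageRequests-${dayKey}` key, so a later change to parsePackageURL would let unvalidated names into the counters without any sign at this call site. A comment at the guard would make the dependency explicit: `// parsePackageURL() returns null for invalid npm package names, so packageName is already validated here`. computeCounters starts and ends outside the hunk.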
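Review bot: In server/utils/__tests__/parsePackageURL-test.js, the added `/.invalid` assertion sits under 'returns null for invalid pathnames', although that path matches the URL pattern and is rejected by the new package-name check instead. Giving it its own case, e.g. `it('returns null for invalid package names', () => { expect(parsePackageURL('/.invalid')).toBe(null) })`, keeps a failing test pointing at the right rule. If the existing cases outside the hunk do not already cover a scoped name, a passing `@scope/name` assertion next to it would guard against the check becoming too strict.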
@@ -19,9 +20,14 @@ function parsePackageURL(packageURL) {
 const match = URLFormat.exec(pathname)
+ // Disallow invalid URL formats.
 if (match == null) return null
 const packageName = match[1]
+
+ // Disallow invalid npm package names.
+ if (!validatePackageName(packageName)) return null
+
 const packageVersion = decodeParam(match[2]) || 'latest'
 const filename = decodeParam(match[3])
diff --git a/server/utils/validatePackageName.js b/server/utils/validatePackageName.js
new file mode 100644
index 0000000..0be37e2
--- /dev/null
+++ b/server/utils/validatePackageName.js
@@ -0,0 +1,7 @@
+const validateNpmPackageName = require('validate-npm-package-name')
+
+function validatePackageName(packageName) {
+ return validateNpmPackageName(packageName).errors == null
+}
+
+module.exports = validatePackageName
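Review bot: In server/utils/parsePackageURL.js, the new `return null` for a name that fails validatePackageName is indistinguishable to callers from the `return null` for a path that does not match URLFormat, so a caller cannot report which rule was violated or log rejected names separately. If that distinction is not needed, the function's header comment should at least state that null covers both cases, e.g. `// Returns null when the pathname is malformed or the package name is not a valid npm name.` The function starts and ends outside the hunk, so any existing header comment is not visible here.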
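Review bot: In server/utils/validatePackageName.js, `validatePackageName` accepts a name whenever `errors` is absent, which ignores the `warnings` that validate-npm-package-name reports for legacy names (uppercase letters, for example). That matches the check removed from ingestLogs.js, but the helper's name suggests a stricter test than it performs, and it is now the single name check inside parsePackageURL. A short comment above the function would record the choice: `// Accepts any name valid for existing packages; validate-npm-package-name warnings are not treated as failures.`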