diff --git a/packages/artifact/__tests__/download-artifact.test.ts b/packages/artifact/__tests__/download-artifact.test.ts
index a593c709..11707a64 100644
--- a/packages/artifact/__tests__/download-artifact.test.ts
+++ b/packages/artifact/__tests__/download-artifact.test.ts
@@ -13,7 +13,7 @@ import {
   streamExtractExternal
 } from '../src/internal/download/download-artifact'
 import {getUserAgentString} from '../src/internal/shared/user-agent'
-import {noopLogs} from './common'
+//import {noopLogs} from './common'
 import * as config from '../src/internal/shared/config'
 import {ArtifactServiceClientJSON} from '../src/generated'
 import * as util from '../src/internal/shared/util'
@@ -88,7 +88,7 @@ const expectExtractedArchive = async (dir: string): Promise => {
 }
 const setup = async (): Promise => {
-  noopLogs()
+  //noopLogs()
   await fs.promises.mkdir(testDir, {recursive: true})
   await createTestArchive()
@@ -180,7 +180,7 @@ describe('download-artifact', () => {
       expect(response.downloadPath).toBe(fixtures.workspaceDir)
     })
-    it('should not allow path traversal from malicious artifacts', async () => {
+    it.only('should not allow path traversal from malicious artifacts', async () => {
       const downloadArtifactMock = github.getOctokit(fixtures.token).rest
         .actions.downloadArtifact as MockedDownloadArtifact
       downloadArtifactMock.mockResolvedValueOnce({
diff --git a/packages/artifact/src/internal/download/download-artifact.ts b/packages/artifact/src/internal/download/download-artifact.ts
index 358044f1..9781ce90 100644
--- a/packages/artifact/src/internal/download/download-artifact.ts
+++ b/packages/artifact/src/internal/download/download-artifact.ts
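Review bot: `it.only(...)` on the path-traversal test disables every other test in this file for as long as it is committed, so the rest of the download-artifact suite silently stops running in CI; it should go back to `it('should not allow path traversal from malicious artifacts', async () => {` before merge. Together with the `noopLogs()` call and import being commented out in the earlier hunks, this reads like local debugging state rather than an intended change, though only the hunks are visible here. The `describe('download-artifact', ...)` block begins and ends outside this hunk.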
@@ -94,10 +94,12 @@ export async function streamExtractExternal(
       })
       .pipe(unzip.Parse())
       .on('entry', (entry: unzip.Entry) => {
-        const entryPath = path
-          .normalize(entry.path)
-          .replace(/^(\.\.(\/|\\|$))+/, '')
-        const fullPath = path.join(directory, entryPath)
+        console.log(`entryPath: ${entry.path}`)
+        const fullPath = path.normalize(path.join(directory, entry.path))
+        console.log(`fullPath: ${fullPath}`)
+        if (fullPath.indexOf(directory) != 0) {
+          reject(new Error(`Invalid file path: ${fullPath}`))
+        }
         core.debug(`Extracting artifact entry: ${fullPath}`)
         if (entry.type === 'Directory') {
           promises.push(resolveOrCreateDirectory(fullPath).then(() => {}))
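Review bot: The new guard rejects the promise but does not stop the entry handler, so a traversal entry still falls through to the `core.debug`/`entry.type` code below and is written to disk; `reject(...)` needs a `return` after it (and the entry drained first, e.g. `entry.autodrain()` if the unzip library exposes it) so nothing is extracted. `fullPath.indexOf(directory) != 0` is also a raw string-prefix test: with `directory` of `/out` it accepts `/outside/x`, while an unnormalized or relative `directory` (`./out`, `out/../out`) rejects every legitimate entry because the normalized join no longer starts with the raw string. Comparing `path.relative(path.resolve(directory), path.resolve(fullPath))` against `..` or an absolute result handles both cases, as sketched below. The two `console.log` lines look like debugging residue and print untrusted archive paths to stdout; `core.debug` already records the path one line later, and `!=` should be `!==`. streamExtractExternal begins and ends outside this hunk.
```typescript
      .on('entry', (entry: unzip.Entry) => {
        const fullPath = path.normalize(path.join(directory, entry.path))
        // Contain every entry within `directory`: compare resolved paths so a
        // prefix such as `/out` cannot be satisfied by `/outside/...`, and stop
        // handling the entry instead of falling through after reject().
        const root = path.resolve(directory)
        const rel = path.relative(root, path.resolve(fullPath))
        if (rel === '..' || rel.startsWith(`..${path.sep}`) || path.isAbsolute(rel)) {
          entry.autodrain()
          reject(new Error(`Invalid file path: ${fullPath}`))
          return
        }
        core.debug(`Extracting artifact entry: ${fullPath}`)
        // … unchanged: directory creation and file write …
```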