diff --git a/internal/utils/extract.go b/internal/utils/extract.go
index 762fe48d..92e31421 100644
--- a/internal/utils/extract.go
+++ b/internal/utils/extract.go
@@ -49,6 +49,10 @@ func ExtractTarGz(gzipStream io.Reader, destDir string, stripPathComponents int)
 return nil, err
 }
 
+ if strings.Contains(header.Name, "..") {
+ return nil, fmt.Errorf("not allowed relative path in tar archive")
+ }
+
 strippedName := stripComponents(header.Name, stripPathComponents)
 
 switch header.Typeflag {
@@ -59,10 +63,6 @@ func ExtractTarGz(gzipStream io.Reader, destDir string, stripPathComponents int)
 }
 files = append(files, d)
 case tar.TypeReg:
- if strings.Contains(header.Name, "..") {
- return nil, fmt.Errorf("not allowed relative path in tar archive")
- }
-
 f := filepath.Join(destDir, strippedName)
 outFile, err := os.Create(filepath.Clean(f))
 if err != nil {
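Review bot: The hoisted `strings.Contains(header.Name, "..")` check in the first hunk is a substring match rather than a containment check, so it rejects harmless names such as `foo..bar` or `..cache` while still not proving that the final path lands under `destDir`; the property we actually want is that `filepath.Join(destDir, strippedName)` does not escape the destination, which should be verified on the joined path right after `strippedName` is computed so both the `tar.TypeDir` and `tar.TypeReg` branches are covered. A `filepath.Rel`-based check against `destDir` expresses that directly and also makes the later `filepath.Clean(f)` in the `TypeReg` branch redundant, since `Join` already cleans. If the `switch` (which continues past the second hunk) also handles symlink or hardlink entries, `header.Linkname` needs the same treatment, because a link target is not covered by any check on `header.Name`. `ExtractTarGz` begins before the first hunk and ends after the second.
```go
strippedName := stripComponents(header.Name, stripPathComponents)
target := filepath.Join(destDir, strippedName)
if rel, err := filepath.Rel(destDir, target); err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
	return nil, fmt.Errorf("tar entry %q escapes destination directory", header.Name)
}
// … unchanged: switch header.Typeflag, using target in place of filepath.Join(destDir, strippedName) …
```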