diff --git a/__tests__/config.test.ts b/__tests__/config.test.ts
index 767320a9c..55ec02d6d 100644
--- a/__tests__/config.test.ts
+++ b/__tests__/config.test.ts
@@ -54,6 +54,18 @@ test('it raises an error if an empty allow list is specified', async () => {
   )
 })
 
+test('it raises an error when an invalid package-url is used for deny-packages', async () => {
+  setInput('deny-packages', 'not-a-purl')
+
+  await expect(readConfig()).rejects.toThrow(`Error parsing purl`)
+})
+
+test('it raises an error when an argument to deny-groups is missing a namespace', async () => {
+  setInput('deny-groups', 'pkg:npm/my-fun-org')
+
+  await expect(readConfig()).rejects.toThrow(`purl must have a namespace`)
+})
+
 test('it raises an error when given an unknown severity', async () => {
   setInput('fail-on-severity', 'zombies')
 
diff --git a/__tests__/test-helpers.ts b/__tests__/test-helpers.ts
index 961cbddbc..529b18a20 100644
--- a/__tests__/test-helpers.ts
+++ b/__tests__/test-helpers.ts
@@ -19,7 +19,9 @@ export function clearInputs(): void {
     'BASE-REF',
     'HEAD-REF',
     'COMMENT-SUMMARY-IN-PR',
-    'WARN-ONLY'
+    'WARN-ONLY',
+    'DENY-GROUPS',
+    'DENY-PACKAGES'
   ]
 
   // eslint-disable-next-line github/array-foreach
diff --git a/src/schemas.ts b/src/schemas.ts
index a9022b4a8..1fa7788fc 100644
--- a/src/schemas.ts
+++ b/src/schemas.ts
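Review bot: Both new tests in config.test.ts exercise only the rejection path; nothing here asserts that a well-formed purl carrying a namespace is accepted for `deny-groups`, so a refinement that rejected every input would still pass this hunk. Unless a positive case already exists elsewhere in the file, consider adding one that sets `deny-groups` to a namespaced purl and expects `readConfig()` to resolve, which also pins the accepted input shape the error message describes. The `toThrow` matchers match on substrings, so they remain valid if the schema messages are later extended. The hunk opens on the closing lines of the preceding test and ends inside the "unknown severity" test, so both neighbouring test bodies continue outside it.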
@@ -6,9 +6,39 @@ export const SCOPES = ['unknown', 'runtime', 'development'] as const
 
 export const SeveritySchema = z.enum(SEVERITIES).default('low')
 
-const PackageURL = z.string().transform(purlString => {
-  return parsePURL(purlString)
-})
+const PackageURL = z
+  .string()
+  .transform(purlString => {
+    return parsePURL(purlString)
+  })
+  .superRefine((purl, context) => {
+    if (purl.error) {
+      context.addIssue({
+        code: z.ZodIssueCode.custom,
+        message: `Error parsing purl`
+      })
+    }
+  })
+
+const PackageURLWithNamespace = z
+  .string()
+  .transform(purlString => {
+    return parsePURL(purlString)
+  })
+  .superRefine((purl, context) => {
+    if (purl.error) {
+      context.addIssue({
+        code: z.ZodIssueCode.custom,
+        message: `Error parsing purl`
+      })
+    }
+    if (purl.namespace === null) {
+      context.addIssue({
+        code: z.ZodIssueCode.custom,
+        message: `purl must have a namespace, and the namespace must be followed by '/'`
+      })
+    }
+  })
 
 export const ChangeSchema = z.object({
   change_type: z.enum(['added', 'removed']),
@@ -48,7 +78,7 @@ export const ConfigurationOptionsSchema = z
   allow_dependencies_licenses: z.array(z.string()).optional(),
   allow_ghsas: z.array(z.string()).default([]),
   deny_packages: z.array(PackageURL).default([]),
-  deny_groups: z.array(PackageURL).default([]),
+  deny_groups: z.array(PackageURLWithNamespace).default([]),
   license_check: z.boolean().default(true),
   vulnerability_check: z.boolean().default(true),
   config_file: z.string().optional(),
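Review bot: In `PackageURLWithNamespace` the namespace check on `purl.namespace` still runs after the parse error has been reported, so an unparseable input gets both "Error parsing purl" and the namespace message, and the parse-plus-error-check is copied verbatim from `PackageURL`, which means the two must now be kept in sync by hand. Marking the parse-error issue fatal in `PackageURL` — `message: \`Error parsing purl\`, fatal: true` — stops later refinements on that value (assuming the project's Zod treats fatal issues as aborting, as Zod 3 does), and `PackageURLWithNamespace` can then be derived from `PackageURL` so only the namespace rule is new; the rewrite is below. Whether `purl.error` and `purl.namespace === null` are the right signals depends on the shape `parsePURL` returns, which is not visible in this diff, so a short comment on `PackageURL` naming that contract (e.g. "parsePURL reports failure via `.error` rather than throwing") would help the next reader.
```typescript
// … unchanged: PackageURL (string → parsePURL, with the "Error parsing purl" refinement) …

// Builds on PackageURL so the parse step and its error check live in one place;
// only the namespace requirement is specific to deny-groups.
const PackageURLWithNamespace = PackageURL.superRefine((purl, context) => {
  if (purl.namespace === null) {
    context.addIssue({
      code: z.ZodIssueCode.custom,
      message: `purl must have a namespace, and the namespace must be followed by '/'`
    })
  }
})
```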