diff --git a/pkg/analysis/passes/osvscanner/lockfile/parse-pnpm-lock_test.go b/pkg/analysis/passes/osvscanner/lockfile/parse-pnpm-lock_test.go
index c622dd01..35e07813 100644
--- a/pkg/analysis/passes/osvscanner/lockfile/parse-pnpm-lock_test.go
+++ b/pkg/analysis/passes/osvscanner/lockfile/parse-pnpm-lock_test.go
@@ -14,3 +14,19 @@ func TestParsePnpmLock_Dependencies(t *testing.T) {
 require.NoError(t, err)
 require.Len(t, packages[4].Dependencies, 15)
 }
+
+// Regression test for https://github.com/grafana/plugin-validator/pull/282
+// Corrupted lockfiles with malformed package keys should be handled gracefully.
+func TestParsePnpmLock_CorruptedLockfile(t *testing.T) {
+ t.Parallel()
+ aLockfile := filepath.Join("..", "testdata", "node", "corrupted-pnpm", "pnpm-lock.yaml")
+ packages, err := ParsePnpmLock(aLockfile)
+ require.NoError(t, err)
+ // Only the 2 valid packages should be parsed, corrupted entries should be skipped
+ require.Len(t, packages, 2)
+ // Packages are sorted alphabetically by name
+ require.Equal(t, "another-valid", packages[0].Name)
+ require.Equal(t, "2.0.0", packages[0].Version)
+ require.Equal(t, "valid-pkg", packages[1].Name)
+ require.Equal(t, "1.0.0", packages[1].Version)
+}
diff --git a/pkg/analysis/passes/osvscanner/testdata/node/corrupted-pnpm/pnpm-lock.yaml b/pkg/analysis/passes/osvscanner/testdata/node/corrupted-pnpm/pnpm-lock.yaml
new file mode 100644
index 00000000..6d0e0659
--- /dev/null
+++ b/pkg/analysis/passes/osvscanner/testdata/node/corrupted-pnpm/pnpm-lock.yaml
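Review bot: The new test pins that ParsePnpmLock drops the two malformed keys silently (`require.NoError` followed by `require.Len(t, packages, 2)`), which for an OSV scanning pass means a corrupted or hand-edited entry vanishes from the vulnerability query with no trace; if the parser has any way to surface skipped keys (a returned list of skipped entries or a log hook — not visible from this hunk), the test should assert on it, and if it has none, the doc comment should state that dropped entries are not reported so the reduced scan coverage is a documented property rather than an accident. The fixture in testdata/node/corrupted-pnpm/pnpm-lock.yaml covers an empty key and a key with no leading slash; a key with a leading slash but only one segment (`/only-name:`) is a third shape that a positional split on "/" could mishandle and is worth adding, though whether the parser already guards it cannot be seen here. Minor: Go doc comments conventionally begin with the identifier, so `// TestParsePnpmLock_CorruptedLockfile is a regression test for https://github.com/grafana/plugin-validator/pull/282:` followed by the existing second line reads better than the current header.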
@@ -0,0 +1,18 @@
+lockfileVersion: '6.0'
+
+packages:
+ # Valid package - should be parsed
+ /valid-pkg/1.0.0:
+ resolution: {integrity: sha512-validhash}
+
+ # Edge case: empty string key (triggers empty parts slice after split)
+ '':
+ resolution: {integrity: sha512-emptyhash}
+
+ # Edge case: no leading slash (triggers empty parts slice after parts[1:])
+ malformed-no-slash:
+ resolution: {integrity: sha512-malformedhash}
+
+ # Another valid package to verify parsing continues after edge cases
+ /another-valid/2.0.0:
+ resolution: {integrity: sha512-anotherhash}
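Review bot: The fixture comments describe the parser's internal handling (`triggers empty parts slice after split`, `after parts[1:]`) rather than the malformed shape itself, so they go stale the moment the parser's key splitting changes; describing the input instead, e.g. `# Edge case: empty string key` and `# Edge case: key without the leading slash that v6 package keys carry`, keeps the fixture self-explanatory. The `integrity` values are obviously constructed placeholders rather than sha512 digests, which is fine for a key-parsing test, but a one-line comment at the top saying so would spare a later reader from wondering whether the parser is expected to validate them.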