diff --git a/composer.json b/composer.json
index 386126d..79324d7 100644
--- a/composer.json
+++ b/composer.json
@@ -31,7 +31,7 @@
         }
     },
     "require-dev": {
-        "vimeo/psalm": "~5.6",
+        "innmind/static-analysis": "^1.2.1",
         "innmind/black-box": "~6.5",
         "innmind/coding-standard": "~2.0"
     }
diff --git a/src/ViaBasicAuthorization.php b/src/ViaBasicAuthorization.php
index 7caa170..7a8d75c 100644
--- a/src/ViaBasicAuthorization.php
+++ b/src/ViaBasicAuthorization.php
@@ -36,7 +36,13 @@ public function __invoke(ServerRequest $request): Attempt
             ->filter(static fn($header) => $header->scheme() === 'Basic')
             ->attempt(static fn() => new \RuntimeException('Failed to resolve identity'))
             ->flatMap(function($header) {
-                [$user, $password] = \explode(':', \base64_decode($header->parameter(), true));
+                $string = \base64_decode($header->parameter(), true);
+
+                if (!\is_string($string)) {
+                    return Attempt::error(new \RuntimeException('Malformed authorization header parameter'));
+                }
+
+                [$user, $password] = \explode(':', $string);
 
                 return ($this->resolve)($user, $password);
             });