Serializer VS Infection

Making a class "final" is always a bad decision IMO. You would never know how will other people use your library. For example, we used JMSSerializerBundle and wanted to extend DateHandler to make it not to throw exceptions if a date string is invalid. But the class is final. So we had to just copy-paste it :(

Or this popular alternative: https://jmsyst.com/libs/serializer

JMS Serializer: This library allows you to (de-)serialize data of any complexity. Currently, it supports XML and JSON.

Only took a very brief look, but it looks nice. I like that the DTO class isn't required to extend anything, and that it seems to be for real DTOs used for actual transfer of data between systems - not 'local dtos'. It feels like this might be more comparable to something like schmittjoh/serializer rather than spatie/data-transfer-object.

When it's time to create the PDF, convert the object structure to an XML using an already existing serializer (like JMS or symfony serializer) or do this by hand.

One frequently used serializer is JMS Serializer which allows you to convert JSON or XML to objects (or the other way around if needed). You can then use the objects in your application.

consider adding mutation tests

Obviously, we can not generate mutants manually. For that purpose, there are mutation testing utilities. For PHP, we have Infection.

Infection: PHP Mutation Testing library. Plugins: roave/infection-static-analysis-plugin: Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis bitexpert/captainhook-infection: Captain Hook Plugin to run InfectionPHP only against the changed files of a commit

Infection: PHP Mutation Testing library. Plugins: roave/infection-static-analysis-plugin: Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis bitexpert/captainhook-infection: Captain Hook Plugin to run InfectionPHP only against the changed files of a commit

If you want to enforce testing automatically probably the best option is to rely on mutation testing, using Infection. That doesn't just check that the tests cover the code, it checks that if the code was different to what it is then the tests would (usually) fail.

IMO code coverage is a very flawed metric on its own. A high percentage doesn't guarantee that the tests actually test the right things, and it would be much more efficient if mutation testing was used (e.g. Infection). It still uses the generated code coverage reports, but only as a base for its own metrics.

For your last edit - you can also add infection which will infect your code with other values, like if you expect a positive number, it will try and inject a negative number - and see what happens - does your code break everything or something. Also it will try to inject false where you might expect a true and many many other things, and yes you will get some weird results from infection, but its a good thing to look at, and atleast check the logs and see why the infection failed at a test.

The only one that I've used is infection for PHP.

That's practically a light form of mutant testing. Have you checked Infection?