Serde
Consider limited validation on deserialization
From Reddit, maybe we should do some validation on the object after it's loaded?
https://www.reddit.com/r/PHP/comments/wduj55/comment/iin84r2/?utm_source=reddit&utm_medium=web2x&context=3
public function __construct(private string $name) { … }
No one would expect this class to exist with an uninitialized property $name. Yes, Reflection makes it possible to create it, but then you should make sure it's not left in this state. I believe that when you specify strict: true on a non-nullable property, it should throw an error when this attribute is missing, because it's violating its type. Feel free to disagree, but even Rust's serde works that way.
So at least basic type validation around uninitialized values.
The problem is knowing which properties should get validated like that, in which case we may need an explicit flag of some kind.
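
One way to do the post-load check discussed above, in plain PHP 8.1+ (added example, not Serde's code or API; the `User` class and the `hydrate` and `assertInitialized` functions are hypothetical, and the input arrays are constructed):

```php
<?php
declare(strict_types=1);

// Constructed sample class; $name mirrors the constructor quoted above.
final class User
{
    public ?string $nickname = null;
    public function __construct(private string $name) {}
}

// Hypothetical hydrator: bypasses the constructor, as reflection-based loaders do.
function hydrate(string $class, array $data): object
{
    $ref = new ReflectionClass($class);
    $obj = $ref->newInstanceWithoutConstructor();
    foreach ($data as $key => $value) {
        if ($ref->hasProperty($key)) {
            $ref->getProperty($key)->setValue($obj, $value);
        }
    }
    return $obj;
}

// Hypothetical check: fail if a non-nullable typed property was never set.
function assertInitialized(object $obj): void
{
    $missing = [];
    foreach ((new ReflectionObject($obj))->getProperties() as $prop) {
        $type = $prop->getType();
        if ($prop->isStatic() || $type === null || $type->allowsNull()) {
            continue; // untyped and nullable properties are out of scope here
        }
        if (!$prop->isInitialized($obj)) {
            $missing[] = $prop->getName();
        }
    }
    if ($missing !== []) {
        throw new UnexpectedValueException(
            sprintf('%s loaded with uninitialized properties: %s', $obj::class, implode(', ', $missing))
        );
    }
}

// Constructed input with every required key present.
assertInitialized(hydrate(User::class, ['name' => 'Ada']));

try {
    // Constructed input with the 'name' key absent.
    assertInitialized(hydrate(User::class, ['nickname' => 'al']));
} catch (UnexpectedValueException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

`ReflectionObject::getProperties()` does not return private properties declared on parent classes, so a check like this would need to walk `getParentClass()` for inherited private state.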