GitHub Copilot
What is GitHub Copilot?
GitHub Copilot is an AI autocomplete built into your editor. As you type, it suggests the next line, next function, or an entire code block. You accept suggestions with Tab, dismiss with Escape, and cycle through alternatives with Alt+].
It's trained on billions of lines of public code and understands context from:
- The file you're editing
- Other open tabs
- Your variable names and comments
- The language and framework in use
Setting Up
VS Code:
- Install the GitHub Copilot extension from the marketplace
- Sign in with your GitHub account
- Requires a Copilot subscription (free for students via GitHub Education)
JetBrains (WebStorm, IntelliJ):
- Install from Plugins → Marketplace → GitHub Copilot
Neovim / other editors:
- Official plugins available at github.com/github/copilot.vim
How to Guide Copilot Effectively
Copilot reads your context to generate suggestions. Better context = better suggestions.
Write a comment describing what you want
// Parse a JWT token and return the payload, return null if invalid
function parseToken(token) {
// Copilot fills this in
Name your variables and functions descriptively
// Copilot will suggest very different code for these:
function p(d) { ... } // vague — bad suggestions
function parseUserFromDatabase(data) { ... } // clear — good suggestions
Use types (TypeScript)
TypeScript types give Copilot far more context than plain JavaScript:
interface User {
id: number;
name: string;
email: string;
role: "admin" | "user";
}
function getUserPermissions(user: User): string[] {
// Copilot knows exactly what user looks like
Open related files in tabs
Copilot reads your open tabs as context. When working on userController.js, also open userService.js and userModel.js — Copilot uses those patterns to generate consistent code.
Copilot Chat
Copilot Chat (Ctrl+Shift+I in VS Code) lets you ask questions and request changes in natural language:
You: What does the `authenticate` function on line 42 do?
Copilot: The `authenticate` function verifies a JWT token from the
Authorization header. It decodes the token using the JWT_SECRET
environment variable, attaches the decoded payload to req.user,
and calls next() if valid. Returns 401 if the token is missing or invalid.
Useful slash commands in Copilot Chat:
| Command | What it does |
|---|---|
/explain | Explain selected code |
/fix | Fix a bug in selected code |
/tests | Generate tests for selected code |
/doc | Add documentation to selected code |
/optimize | Suggest performance improvements |
What Copilot is Good At
- Boilerplate — CRUD endpoints, model definitions, form handlers
- Tests — generating test cases from function signatures
- Regex and string manipulation — pattern-matching logic
- Converting between formats — transforming one data shape to another
- Filling in repetitive patterns — if you've written
getUser, it'll predictgetPost,getComment
What Copilot Gets Wrong
- Security — it will suggest SQL queries with string interpolation, missing input validation, and weak auth patterns without hesitation
- Business logic — it doesn't know your domain; treat all business logic suggestions skeptically
- Outdated APIs — training data has a cutoff; it may suggest deprecated methods
- Complex algorithms — it can produce plausible-looking but subtly wrong implementations
Always review Copilot's output. Accepting suggestions without reading them is how bugs get introduced.
Effective Workflows
TDD with Copilot
- Write the test first (Copilot can suggest test cases if you describe the expected behavior in comments)
- Write a function signature
- Let Copilot suggest the implementation
- Run the test — if it fails, describe the failure to Copilot Chat and ask for a fix
Documentation generation
Select a function, then use /doc in Copilot Chat or press Ctrl+I:
// Before
function debounce(fn, delay) {
let timer;
return (...args) => {
clearTimeout(timer);
timer = setTimeout(() => fn(...args), delay);
};
}
// After Copilot /doc
/**
* Creates a debounced version of a function that delays invoking it
* until after `delay` milliseconds have elapsed since the last invocation.
* @param {Function} fn - The function to debounce.
* @param {number} delay - The delay in milliseconds.
* @returns {Function} The debounced function.
*/
function debounce(fn, delay) { ... }
Code review prep
Before committing, select your changes and ask Copilot Chat:
- "Are there any edge cases I'm not handling?"
- "Is this code vulnerable to any injection attacks?"
- "Is there a simpler way to write this?"
Keyboard Shortcuts (VS Code)
| Action | Shortcut |
|---|---|
| Accept suggestion | Tab |
| Dismiss suggestion | Escape |
| Next suggestion | Alt+] |
| Previous suggestion | Alt+[ |
| Open Copilot Chat | Ctrl+Shift+I |
| Inline chat | Ctrl+I |
| Copilot suggestions panel | Ctrl+Enter |