I've been following the reaction to GitHub Copilot's technical preview since it launched in June 2021, and six months in, the developer community is still producing a range of reactions. Some developers are enthusiastic about the productivity gains, while others are concerned about code quality, copyright, and the future of software development as a career.
Developers who use Copilot for routine coding tasks like boilerplate generation, test scaffolding, and repetitive patterns report genuine productivity gains. The completion is contextually aware of the surrounding code and can generate working implementations of standard patterns on the first try, making it a valuable tool for experienced developers.
In my own experience with Copilot, I've found it to be particularly useful for generating boilerplate code for RESTful APIs. For example, I was able to generate a working implementation of a CRUD API in Python using Flask in a matter of minutes. The code was well-structured and followed best practices, which saved me a significant amount of time.
However, Copilot also generates code that compiles but may have subtle bugs, security vulnerabilities, or licensing issues. Researchers have found that Copilot generates insecure code in a significant fraction of cases when prompted with security-sensitive contexts. This code may look correct to a junior developer, but would be caught by a thorough code review.
The concern is that developers with less experience may be more likely to accept problematic code suggested by Copilot. This is a significant issue, as it could lead to security vulnerabilities or other problems in production code. Experienced developers, on the other hand, can use Copilot as an advanced autocomplete tool and get real value from it. For instance, I've seen cases where Copilot suggested code that used a vulnerable library, which would have been caught by a senior developer but might have slipped past a junior developer.
Another issue with Copilot is the copyright question. The tool was trained on public GitHub code, which includes code under various open source licenses like GPL, MIT, and Apache. Copilot sometimes reproduces verbatim code from its training data, which raises the question of whether this constitutes copyright infringement. I've seen cases where Copilot generated code that was identical to existing open-source code, which raises concerns about licensing and attribution.
The Software Freedom Conservancy and individual developers have raised concerns about the license implications of Copilot's code generation. As of 2021, the legal question of whether Copilot's reproduction of code from its training data constitutes copyright infringement has not been resolved. This uncertainty makes it difficult for developers to use Copilot with confidence, particularly in projects with strict licensing requirements.
The discussion about whether AI coding tools like Copilot threaten developer jobs is also ongoing. While some developers are concerned that Copilot could replace them, the empirical evidence suggests that it assists experienced developers rather than replacing them. The code generation quality degrades significantly outside well-understood patterns, which limits its usefulness for complex tasks.
In terms of team structure, I've seen cases where Copilot has enabled teams to shift their focus from junior-level tasks to more senior-level work. For example, one team I worked with was able to automate 30% of their boilerplate code generation using Copilot, which freed up their junior developers to focus on more complex tasks. However, this also meant that they needed to bring in more senior developers to review and maintain the code generated by Copilot.
The more plausible near-term effect of Copilot is that it may shift the ratio of senior to junior developers that a team needs. As junior-level boilerplate work is automated, teams may require more senior developers to review and maintain the code. This could lead to changes in the way teams are structured and how developers work together.