Friend or Foe?
GitHub Copilot, Cursor, and ChatGPT have changed coding forever. They can write boilerplate in seconds and explain complex regex in milliseconds. But they can also introduce subtle bugs and security vulnerabilities.
⚡ Velocity vs. Quality
AI allows you to type faster. It does not allow you to think faster. The bottleneck is no longer typing; it's reviewing.
The Risks of AI Code
AI models are trained on public code, including bad code.
The AI Code Review Checklist
- Security: Did the AI hallucinate a package that doesn't exist? (Supply chain attack)
- Logic: Does the edge case handling actually make sense?
- Secrets: Did it accidentally suggest a hardcoded API key pattern?
- Complexity: Is it suggesting a complex one-liner where a simple loop is more readable?
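A pre-review check for the Security and Secrets items above, as an added example that is not from the original post: it lists packages that an AI-suggested snippet imports but `package.json` does not declare, and lines that assign a long string literal to a secret-looking name. The manifest, the snippet, the package name `example-hallucinated-retry`, the key value, and the abbreviated built-in list are all constructed for illustration.

```javascript
// Abbreviated list of Node built-ins (assumption: extend it for your runtime).
const BUILTINS = new Set(['fs', 'path', 'crypto', 'http', 'https', 'os', 'url', 'util']);

// "@scope/pkg/sub" -> "@scope/pkg", "pkg/sub" -> "pkg"
function packageName(spec) {
  const parts = spec.split('/');
  return spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Package names imported by `source` that the manifest does not declare.
function undeclaredPackages(source, manifest) {
  const declared = new Set([
    ...Object.keys(manifest.dependencies || {}),
    ...Object.keys(manifest.devDependencies || {}),
  ]);
  // Matches: import x from '…', import '…', import('…'), require('…')
  const importRe = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)['"]([^'"]+)['"]/g;
  const found = new Set();
  for (const m of source.matchAll(importRe)) {
    const spec = m[1];
    // Relative paths, absolute paths and node: specifiers are not registry packages.
    if (spec.startsWith('.') || spec.startsWith('/') || spec.startsWith('node:')) continue;
    const name = packageName(spec);
    if (!BUILTINS.has(name) && !declared.has(name)) found.add(name);
  }
  return [...found].sort();
}

// 1-based line numbers where a secret-looking name is assigned a long string literal.
function hardcodedSecretLines(source) {
  const secretRe = /(api[_-]?key|secret|token|password)\w*\s*[:=]\s*['"`][^'"`\s]{12,}['"`]/i;
  return source.split('\n')
    .map((line, i) => (secretRe.test(line) ? i + 1 : 0))
    .filter(Boolean);
}

// Constructed sample data: a minimal manifest and an AI-suggested snippet.
const manifest = { dependencies: { axios: '^1.6.0' } };
const suggestion = [
  "import axios from 'axios';",
  "import { retry } from 'example-hallucinated-retry';", // made-up package name
  "import type { User } from './UserType';",
  "const API_KEY = 'EXAMPLE-NOT-A-REAL-KEY-0000';", // placeholder, not a real key
  "const token = process.env.API_TOKEN;", // read from the environment: not flagged
  "export const fetchUsers = () => axios.get('/api/users');",
].join('\n');

console.log(undeclaredPackages(suggestion, manifest), hardcodedSecretLines(suggestion));
```

An undeclared name is a prompt to look the package up and vet it before installing, not proof that it is malicious. The secret pattern is a heuristic and will miss keys stored under neutral names.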
Effective Prompting for Code
Garbage in, garbage out. To get good code, you need to provide context.
| Bad Prompt | Good Prompt |
|---|---|
| "Write a function to fetch users." | "Write a TypeScript function to fetch users from /api/users using Axios. Handle 401 and 500 errors. Return a strongly typed User array." |
| "Fix this bug." | "This function fails when the input array is empty. Fix it to return null in that case, and explain the fix." |
Context is King: In tools like Cursor, reference your existing files (e.g., @UserType.ts) so the AI knows your project's structure and conventions.
Conclusion
The AI won't replace you, but a developer using AI effectively will replace a developer who ignores it. Use it as a junior pair programmer: trust, but always verify.



