
Universal OIDC tokens would slow down the lateral expansion and make it more difficult.

You won't be able to exfiltrate a token that allows you to publish an NPM package outside of a workflow; the infection has to happen during a build on GH.


