jim201 6 days ago

Pardon my ignorance, but isn't code signing designed to stop attacks exactly like this? Even if an npm token was compromised, I'm really surprised there was no other code signing feature in play to prevent these publish events.

bagels 5 days ago | parent

Code signing just says that the code was blessed by the certificate of someone who at one time showed an ID to someone else. Nothing to do with whether the content being signed is malicious (at least on some platforms).