Yes, he did what he could. He was already having a package and you just used some money and asked him to rename his package because you like that. This is what you used laws for.
Your trademark thing is completely a concept against open source where you can even buy someone’s package name and force them to rename their package because you like that. That is called misuse of laws and powers. And then he did what he could.
And now what you guys want to show here on your blog? That one day you will come with someone’s name’s trademark registered and will ask him/her to change that only because you spent some money? For an open source contributor their package is their identity in open source world.
And yes, if NPM can’t secure this type of open source self respect then which open source package is safe there?