As per new CA/B forum guidelines for strengthening data security, hardware tokens/HSMs are now mandatory even for OV code signing certificates.
I have also been using code signing for years now, whereby I usually obtain my code signing certificates from SignMyCode for their pricing and trustworthy assistance from their support team for obtaining code signing certificates. I can surely recommend them to someone for their code-signing solution partner.
You can check out Comodo, Sectigo, and DigiCert CA-based code signing certificates are offered by SignMyCode.com here: https://signmycode.com/uk/code-signing-certificates